Skip to main content

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Jun 15, 2020 - 17:15 nvd
MEDIUM 5.3

DescriptionNVD

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

AnalysisAI

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Affected products include: Pcre, Apple Macos, Gitlab, Oracle Communications Cloud Native Core Policy, Netapp Active Iq Unified Manager. Version information: before 8.44.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Pcre

View all
CVE-2016-3191 CRITICAL POC
9.8 Mar 17

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandl

CVE-2015-3210 CRITICAL POC
9.8 Dec 13

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code v

CVE-2016-1283 CRITICAL POC
9.8 Jan 03

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the. Rated critical severity (CVSS 9.8), this vulne

CVE-2015-5073 CRITICAL POC
9.1 Dec 13

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attacker

CVE-2015-2328 HIGH POC
7.5 Dec 02

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remo

CVE-2015-3217 HIGH POC
7.5 Dec 13

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cau

CVE-2015-8391 CRITICAL
9.8 Dec 02

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attac

CVE-2017-7186 HIGH
7.5 Mar 20

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation viol

CVE-2017-6004 HIGH
7.5 Feb 16

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP

CVE-2017-7246 HIGH
7.8 Mar 23

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote a

CVE-2017-7245 HIGH
7.8 Mar 23

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote a

CVE-2017-11164 HIGH
7.5 Jul 11

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursio

Share

CVE-2020-14155 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy