CVE-2020-14155

Description

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

How to fix CVE-2020-14155

To remediate CVE-2020-14155, upgrade the affected package to a fixed version below.

• Alpine/pcre—upgrade to 8.43-r1 or later
• Bitnami/gitlab—upgrade to 12.10.13 or later
• Debian/pcre3—upgrade to 2:8.39-13 or later

Is CVE-2020-14155 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 8.43-r1
• from 0, < 12.10.13, >= 13.0.0, < 13.0.8, >= 13.1.0, < 13.1.2
• from 0, < 2:8.39-13

CVSS scores

References (13)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2020-14155
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-14155
• WEBabout.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
• WEBbugs.gentoo.org/717920
• WEB