CVE-2020-8927

 

Published at: - 15-09-2020 12:15

Last modified: - 20-10-2022 10:02

Total changes: - 7

Description

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

 

Verification logic

 

Reference

• https://github.com/google/brotli/releases/tag/v1.0.9
• openSUSE-SU-2020:1578-Mailing List, Third Party Advisory
• FEDORA-2020-22d278923a-Mailing List, Third Party Advisory
• USN-4568-1-Third Party Advisory
• FEDORA-2020-c663fbc46c-Mailing List, Third Party Advisory
• FEDORA-2020-bc9a739f0c-Mailing List, Third Party Advisory
• FEDORA-2020-e21bd401ad-Mailing List, Third Party Advisory
• FEDORA-2020-9336b65f82-Mailing List, Third Party Advisory
• FEDORA-2020-c76a35b209-Mailing List, Third Party Advisory
• [debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update-Mailing List, Third Party Advisory
• DSA-4801-Third Party Advisory
• FEDORA-2022-9e046f579a-Mailing List, Third Party Advisory
• FEDORA-2022-5ecee47acb-Mailing List, Third Party Advisory
• FEDORA-2022-d28042f559-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2020-8927

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures