← Back

Brotli

brotli

Vendor: Google • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-8927
6Canonical
DebianFedoraproject+3 more
10.net
.net CoreBrotli+7 more
Nov 21, 2024
Sep 15, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over...Show more
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.Show less