CVE-2020-8927
MEDIUM6.5EPSS 0.31%brotli - security update
發布日:2020/9/15修改日:2026/3/9
描述
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
受影響套件(4)
- Alpine/brotlifrom 0, < 1.0.9-r0
- Debian/brotlifrom 0, < 1.0.9-1
- Debian/brotlifrom 0, < 0.5.2+dfsg-2+deb9u1
- Debian/brotlifrom 0, < 1.0.7-2+deb10u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |