CVSSv3 base score: 6.5

CVE-2020-8927

Published: 15/09/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 571
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

A buffer overflow (CWE-120) exists in the Brotli library in versions before 1.0.8. An attacker who controls the input length of a "one-shot" decompression request can trigger a crash; the overflow occurs when the decoder copies a chunk of data larger than 2 GiB. Update the Brotli library to 1.0.8 or later (the fix shipped in the v1.0.9 release listed under References). If updating is not possible, use the "streaming" decompression API instead of the "one-shot" API and impose a limit on the size of each input chunk handed to the decoder, so that no single call ever receives an input length approaching 2 GiB.
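The workaround above, as an added example (this is not code from the Brotli project): a one-shot wrapper that refuses any input length that does not fit a 32-bit signed int (2 GiB is the first length rejected), and a streaming wrapper that feeds the decoder in chunks of at most MAX_CHUNK bytes regardless of total input size. The decoder step is a stand-in that copies bytes so the block runs without libbrotli; with the real library the same call site would be BrotliDecoderDecompressStream() from <brotli/decode.h>, which advances the same four pointer/length pairs. MAX_CHUNK of 1 MiB and the constructed 3 MiB + 7 byte test buffer are assumptions chosen for the demo.

```c
/* Added example, not Brotli's own code: bounded-chunk feeding of a streaming
 * decoder (the CVE-2020-8927 workaround) beside a guarded one-shot call.
 * decoder_step() is a stand-in that copies bytes; in real use it would be
 * BrotliDecoderDecompressStream() from <brotli/decode.h>. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHUNK ((size_t)1 << 20)  /* assumed limit: 1 MiB per call, far below 2 GiB */

/* Guard for one-shot style APIs: lengths above INT_MAX (i.e. 2 GiB and up)
 * cannot be narrowed to a 32-bit int safely, so they are rejected. */
int length_fits_int(size_t n) { return n <= (size_t)INT_MAX; }

typedef struct {
    size_t calls;   /* how many decoder steps ran */
    size_t max_in;  /* largest available_in any single step was handed */
} step_stats;

/* Stand-in for the streaming decoder step: consumes min(*avail_in, *avail_out)
 * bytes and advances the in/out cursors the way the real API does. */
static void decoder_step(step_stats *st, size_t *avail_in, const uint8_t **next_in,
                         size_t *avail_out, uint8_t **next_out) {
    size_t n = *avail_in < *avail_out ? *avail_in : *avail_out;
    st->calls++;
    if (*avail_in > st->max_in) st->max_in = *avail_in;
    if (n) memcpy(*next_out, *next_in, n);
    *next_in += n;  *avail_in -= n;
    *next_out += n; *avail_out -= n;
}

/* One-shot path: the whole input is one chunk, so the length limit is applied
 * before the decoder ever sees the data. Returns bytes written or -1. */
long long decompress_one_shot(const uint8_t *in, size_t in_len, uint8_t *out,
                              size_t out_cap, step_stats *st) {
    if (!length_fits_int(in_len)) return -1;   /* 2 GiB+ request: refuse */
    size_t avail_in = in_len, avail_out = out_cap;
    const uint8_t *next_in = in;
    uint8_t *next_out = out;
    decoder_step(st, &avail_in, &next_in, &avail_out, &next_out);
    return avail_in ? -1 : (long long)(out_cap - avail_out);
}

/* Streaming path: whatever in_len is, no single decoder call receives more
 * than MAX_CHUNK bytes. Returns bytes written, or -1 if output space ran out. */
long long decompress_chunked(const uint8_t *in, size_t in_len, uint8_t *out,
                             size_t out_cap, step_stats *st) {
    size_t avail_out = out_cap, done = 0;
    uint8_t *next_out = out;
    while (done < in_len) {
        size_t chunk = in_len - done < MAX_CHUNK ? in_len - done : MAX_CHUNK;
        size_t avail_in = chunk;
        const uint8_t *next_in = in + done;
        while (avail_in) {
            size_t before = avail_in;
            decoder_step(st, &avail_in, &next_in, &avail_out, &next_out);
            if (avail_in == before) return -1;  /* no progress: output buffer full */
        }
        done += chunk;
    }
    return (long long)(out_cap - avail_out);
}

/* Constructed demo input: 3 MiB + 7 bytes, so the chunker needs 4 steps. */
#define DEMO_LEN ((size_t)3 * MAX_CHUNK + 7)
static uint8_t demo_in[DEMO_LEN], demo_out[DEMO_LEN];

/* Runs the chunked path over the demo buffer. Returns the number of decoder
 * steps (4) when output matches input and no step exceeded MAX_CHUNK, else -1. */
long long run_demo(void) {
    for (size_t i = 0; i < DEMO_LEN; i++) demo_in[i] = (uint8_t)(i * 31 + 7);
    step_stats st = {0, 0};
    long long n = decompress_chunked(demo_in, DEMO_LEN, demo_out, DEMO_LEN, &st);
    if (n != (long long)DEMO_LEN || memcmp(demo_in, demo_out, DEMO_LEN) != 0) return -1;
    if (st.max_in > MAX_CHUNK) return -1;
    return (long long)st.calls;
}

int main(void) {
    step_stats st = {0, 0};
    printf("chunked decoder steps: %lld\n", run_demo());
    printf("one-shot 2 GiB request: %lld\n",
           decompress_one_shot(NULL, (size_t)1 << 31, NULL, 0, &st));
    return 0;
}
```

The length guard in decompress_one_shot is the part a caller of the real one-shot API needs when the library cannot be upgraded: it runs before any buffer is touched, so a 2 GiB request is refused rather than decoded. The chunked loop also checks for a step that makes no progress, which is how a streaming decoder reports that it needs more output space.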


Vulnerable Products

Google Brotli
Debian Linux 9.0
Debian Linux 10.0
Fedora 31
Fedora 32
Fedora 33
Fedora 34
Fedora 35
Fedora 36
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
openSUSE Leap 15.2
Microsoft Visual Studio 2019
Microsoft Visual Studio 2022
Microsoft Visual Studio 2022 17.1
Microsoft .NET
Microsoft .NET Core
Microsoft PowerShell

Vendor Advisories

Debian (DSA-4801): A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite. For the stable distribution (buster), this problem has been fixed in version 1.0.7-2+deb10u1. We recommend that you upgrade your brotli packages. For the detailed security status of brotli please refer to its security tracker page at: security-tracker ...
Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update. Type/Severity: Security Advisory, Important. Topic: An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security h...
Red Hat: Important: .NET 5.0 security and bugfix update. Type/Severity: Security Advisory, Important. Topic: An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update. Type/Severity: Security Advisory, Important. Topic: An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated t...
Red Hat: Important: .NET Core 3.1 security and bugfix update. Type/Severity: Security Advisory, Important. Topic: An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated t...
Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update. Type/Severity: Security Advisory, Moderate. Topic: Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Red Hat: Important: Service Telemetry Framework 1.4 security update. Type/Severity: Security Advisory, Important. Topic: An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g...

References

CWE-120
https://github.com/google/brotli/releases/tag/v1.0.9
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html
https://usn.ubuntu.com/4568-1/
https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html
https://www.debian.org/security/2020/dsa-4801
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
https://nvd.nist.gov