A buffer overflow exists in Brotli library versions before 1.0.8: an attacker who controls the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If you cannot update, we recommend using the "streaming" API instead of the "one-shot" API and imposing chunk size limits.
Vulnerable Product |
---|
google brotli |
debian debian linux 9.0 |
debian debian linux 10.0 |
fedoraproject fedora 31 |
fedoraproject fedora 32 |
fedoraproject fedora 33 |
fedoraproject fedora 34 |
fedoraproject fedora 35 |
fedoraproject fedora 36 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 20.04 |
canonical ubuntu linux 16.04 |
opensuse leap 15.2 |
microsoft visual studio 2019 |
microsoft .net |
microsoft .net core |
microsoft powershell |
microsoft visual studio 2022 17.1 |
microsoft visual studio 2022 |