ALT-PU-2020-2738-1
Closed vulnerabilities
Published: 2020-08-10
BDU:2021-01775
Уязвимость алгоритма сжатия данных Brotli, связанная с недостатком механизма проверки размера копируемых данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References:
Published: 2020-09-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References:
- openSUSE-SU-2020:1578
- openSUSE-SU-2020:1578
- https://github.com/google/brotli/releases/tag/v1.0.9
- https://github.com/google/brotli/releases/tag/v1.0.9
- [debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update
- [debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update
- FEDORA-2020-c76a35b209
- FEDORA-2020-c76a35b209
- FEDORA-2022-d28042f559
- FEDORA-2022-d28042f559
- FEDORA-2020-e21bd401ad
- FEDORA-2020-e21bd401ad
- FEDORA-2020-bc9a739f0c
- FEDORA-2020-bc9a739f0c
- FEDORA-2020-22d278923a
- FEDORA-2020-22d278923a
- FEDORA-2022-5ecee47acb
- FEDORA-2022-5ecee47acb
- FEDORA-2020-9336b65f82
- FEDORA-2020-9336b65f82
- FEDORA-2020-c663fbc46c
- FEDORA-2020-c663fbc46c
- FEDORA-2022-9e046f579a
- FEDORA-2022-9e046f579a
- USN-4568-1
- USN-4568-1
- DSA-4801
- DSA-4801