Описание
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.0.3-1ubuntu1.3 |
| devel | released | 1.0.9-2 |
| esm-apps/bionic | released | 1.0.3-1ubuntu1.3 |
| esm-apps/xenial | released | 1.0.3-1ubuntu1~16.04.2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 1.0.3-1ubuntu1.3 |
| esm-infra/focal | not-affected | 1.0.7-6ubuntu0.1 |
| esm-infra/xenial | not-affected | 1.0.3-1ubuntu1~16.04.2 |
| focal | released | 1.0.7-6ubuntu0.1 |
| precise/esm | DNE |
Показывать по
EPSS
6.4 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...
EPSS
6.4 Medium
CVSS2
5.3 Medium
CVSS3