CVE-2020-8927

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2020-8927
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2020-09-15 10:15:00 UTC
Updated2023-11-07 03:26:00 UTC
DescriptionA buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Canonical Ubuntu Linux 18.04 All All All
Operating System Canonical Ubuntu Linux 20.04 All All All
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 31 All All All
Operating System Fedoraproject Fedora 32 All All All
Operating System Fedoraproject Fedora 33 All All All
Operating System Fedoraproject Fedora 34 All All All
Operating System Fedoraproject Fedora 35 All All All
Operating System Fedoraproject Fedora 36 All All All
Application Google Brotli All All All All
Application Google Brotli All All All All
Application Microsoft .net All All All All
Application Microsoft .net Core All All All All
Application Microsoft Powershell All All All All
Application Microsoft Visual Studio 2019 All All All All
Application Microsoft Visual Studio 2022 17.1 All All All
Application Microsoft Visual Studio 2022 All All All All
Operating System Opensuse Leap 15.2 All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 31 Update: golang-github-andybalholm-brotli-1.0.1-1.fc31 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 32 Update: brotli-1.0.9-3.fc32 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 34 Update: dotnet3.1-3.1.417-1.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 31 Update: brotli-1.0.9-3.fc31 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Release v1.0.9 · google/brotli · GitHub CONFIRM github.com Release Notes, Third Party Advisory
Debian -- Security Information -- DSA-4801-1 brotli DEBIAN www.debian.org
[SECURITY] Fedora 32 Update: golang-github-andybalholm-brotli-1.0.1-1.fc32 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] [DLA 2476-1] brotli security update MLIST lists.debian.org
[SECURITY] Fedora 31 Update: brotli-1.0.9-3.fc31 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 32 Update: golang-github-andybalholm-brotli-1.0.1-1.fc32 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 35 Update: dotnet3.1-3.1.417-1.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
USN-4568-1: Brotli vulnerability | Ubuntu security notices | Ubuntu UBUNTU usn.ubuntu.com
[SECURITY] Fedora 36 Update: dotnet3.1-3.1.417-1.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 33 Update: golang-github-andybalholm-brotli-1.0.1-1.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 33 Update: brotli-1.0.9-3.fc33 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 33 Update: brotli-1.0.9-3.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 32 Update: brotli-1.0.9-3.fc32 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[security-announce] openSUSE-SU-2020:1578-1: moderate: Security update f SUSE lists.opensuse.org
[SECURITY] Fedora 33 Update: golang-github-andybalholm-brotli-1.0.1-1.fc33 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 36 Update: dotnet3.1-3.1.417-1.fc36 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 34 Update: dotnet3.1-3.1.417-1.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 35 Update: dotnet3.1-3.1.417-1.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 31 Update: golang-github-andybalholm-brotli-1.0.1-1.fc31 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Jay Lv <[email protected]>

Legacy QID Mappings

  • 159206 Oracle Enterprise Linux Security Update for brotli (ELSA-2021-1702)
  • 159702 Oracle Enterprise Linux Security Update for .net 5.0 security and bugfix update (ELSA-2022-0830)
  • 159703 Oracle Enterprise Linux Security Update for .net core 3.1 security and bugfix update (ELSA-2022-0827)
  • 239317 Red Hat Update for brotli (RHSA-2021:1702)
  • 240126 Red Hat Update for .net 5.0 (RHSA-2022:0830)
  • 240131 Red Hat Update for .net 5.0 on rhel 7 (RHSA-2022:0828)
  • 240134 Red Hat Update for .net core 3.1 on rhel 7 (RHSA-2022:0829)
  • 240135 Red Hat Update for .net core 3.1 (RHSA-2022:0827)
  • 282524 Fedora Security Update for dotnet3.1 (FEDORA-2022-d28042f559)
  • 282525 Fedora Security Update for dotnet3.1 (FEDORA-2022-5ecee47acb)
  • 377394 Alibaba Cloud Linux Security Update for brotli (ALINUX3-SA-2022:0118)
  • 500075 Alpine Linux Security Update for brotli
  • 503751 Alpine Linux Security Update for brotli
  • 730371 McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)
  • 750614 OpenSUSE Security Update for brotli (openSUSE-SU-2020:1578-1)
  • 751460 OpenSUSE Security Update for brotli (openSUSE-SU-2021:3942-1)
  • 754875 SUSE Enterprise Linux Security Update for python-brotlipy (SUSE-SU-2023:3669-1)
  • 754963 SUSE Enterprise Linux Security Update for python-brotlipy (SUSE-SU-2023:3827-1)
  • 900205 CBL-Mariner Linux Security Update for brotli 1.0.7
  • 901706 Common Base Linux Mariner (CBL-Mariner) Security Update for brotli (6341-1)
  • 903579 Common Base Linux Mariner (CBL-Mariner) Security Update for powershell (9079)
  • 903623 Common Base Linux Mariner (CBL-Mariner) Security Update for brotli (2537)
  • 91868 Microsoft .NET Security Update for March 2022
  • 940313 AlmaLinux Security Update for brotli (ALSA-2021:1702)
  • 940461 AlmaLinux Security Update for .NET (ALSA-2022:0827)
  • 940462 AlmaLinux Security Update for .NET (ALSA-2022:0830)
  • 960227 Rocky Linux Security Update for brotli (RLSA-2021:1702)
  • 960696 Rocky Linux Security Update for .NET (RLSA-2022:0827)
  • 960850 Rocky Linux Security Update for .NET (RLSA-2022:0830)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report