PYSEC-2020-29

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/brotli/PYSEC-2020-29.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2020-29
Aliases
Published
2020-09-15T10:15:00Z
Modified
2024-09-11T06:12:39.378973Z
Summary
[none]
Details

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

References

Affected packages

PyPI / brotli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8

Affected versions

0.*

0.5.2
0.6.0

1.*

1.0.1
1.0.4
1.0.6
1.0.7