Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-8927: brotli: buffer overflow when input chunk is larger than 2GiB (Multiple Advisories)

Severity: 6
CVSS v2 vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published: 09/15/2020
Created: 05/21/2021
Added: 05/21/2021
Modified: 12/15/2023

Description

A buffer overflow exists in the Brotli library in versions prior to 1.0.8. An attacker who controls the input length of a "one-shot" decompression request to a script that calls the library can trigger a crash, which occurs when a chunk of data larger than 2 GiB is copied. Update the Brotli library to 1.0.8 or later. If updating is not possible, use the "streaming" API instead of the "one-shot" API and impose chunk size limits on the input you hand to the decoder.
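The workaround in the description (stream the input in capped chunks rather than hand the whole buffer to a one-shot call) as an added example in C; this is not code from the Brotli project or from the advisory. The decoder step is a stand-in that follows the input-side pointer convention of brotli's BrotliDecoderDecompressStream (output arguments omitted) so the block runs without libbrotli; MAX_CHUNK, feed_in_chunks, length_exceeds_int, counting_step and the constructed input are illustrative names and values chosen here. The 2 GiB in the title is the first length that no longer fits a 32-bit signed int, which is why the one-shot guard compares against INT_MAX.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Per-call input cap. 1 MiB is an illustrative choice; what matters is that it
   stays far below INT_MAX (2 GiB - 1), the boundary named in the advisory. */
#define MAX_CHUNK ((size_t)1 << 20)

/* Stand-in for one streaming-decoder step (assumed signature, modelled on the
   input side of BrotliDecoderDecompressStream): consume from *next_in, advance
   it, leave the unconsumed count in *avail_in. Returns 0 on success. */
typedef int (*decode_step_fn)(size_t *avail_in, const uint8_t **next_in, void *ctx);

/* Guard for callers stuck on a one-shot API: a length above INT_MAX cannot
   survive narrowing to a 32-bit signed int, so refuse it before the call. */
int length_exceeds_int(size_t len) {
    return len > (size_t)INT_MAX;
}

/* Feeds buf[0..len) to step() in pieces of at most MAX_CHUNK bytes.
   Returns the number of decoder calls, or -1 on decoder error or no progress. */
long feed_in_chunks(const uint8_t *buf, size_t len, decode_step_fn step, void *ctx) {
    const uint8_t *next = buf;
    size_t remaining = len;
    long calls = 0;
    while (remaining > 0) {
        size_t avail = remaining < MAX_CHUNK ? remaining : MAX_CHUNK;
        const uint8_t *before = next;
        if (step(&avail, &next, ctx) != 0) return -1;
        size_t consumed = (size_t)(next - before);
        if (consumed == 0 || consumed > remaining) return -1; /* stalled or corrupt step */
        remaining -= consumed;
        calls++;
    }
    return calls;
}

/* Toy "decoder" so the example runs without libbrotli: it checksums and
   consumes every byte it is offered. */
typedef struct { uint64_t sum; size_t total; } count_ctx;

static int counting_step(size_t *avail_in, const uint8_t **next_in, void *vctx) {
    count_ctx *c = (count_ctx *)vctx;
    for (size_t i = 0; i < *avail_in; i++) c->sum += (*next_in)[i];
    c->total += *avail_in;
    *next_in += *avail_in;
    *avail_in = 0;
    return 0;
}

/* Builds a constructed input of `len` bytes (byte i = i & 0xFF), feeds it
   through feed_in_chunks and checks that every byte arrived exactly once.
   Returns the number of decoder calls, or -1 on any failure. */
long demo_feed(size_t len) {
    uint8_t *buf = malloc(len ? len : 1);
    if (!buf) return -1;
    uint64_t expected_sum = 0;
    for (size_t i = 0; i < len; i++) {
        buf[i] = (uint8_t)(i & 0xFF);
        expected_sum += buf[i];
    }
    count_ctx ctx = {0, 0};
    long calls = feed_in_chunks(buf, len, counting_step, &ctx);
    free(buf);
    if (calls < 0 || ctx.total != len || ctx.sum != expected_sum) return -1;
    return calls;
}

int main(void) {
    size_t len = MAX_CHUNK * 2 + 5; /* constructed: spills into a third chunk */
    printf("one-shot length of 2 GiB rejected: %d\n", length_exceeds_int((size_t)1 << 31));
    printf("%zu bytes delivered in %ld decoder calls\n", len, demo_feed(len));
    return 0;
}
```

To apply this against a real build, replace counting_step with a wrapper around BrotliDecoderDecompressStream that also supplies an output buffer and drains it between calls; the chunk cap and the INT_MAX guard stay as they are.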

Solution(s)

  • redhat-upgrade-aspnetcore-runtime-3-1
  • redhat-upgrade-aspnetcore-runtime-5-0
  • redhat-upgrade-aspnetcore-targeting-pack-3-1
  • redhat-upgrade-aspnetcore-targeting-pack-5-0
  • redhat-upgrade-brotli
  • redhat-upgrade-brotli-debuginfo
  • redhat-upgrade-brotli-debugsource
  • redhat-upgrade-brotli-devel
  • redhat-upgrade-dotnet-apphost-pack-3-1
  • redhat-upgrade-dotnet-apphost-pack-3-1-debuginfo
  • redhat-upgrade-dotnet-apphost-pack-5-0
  • redhat-upgrade-dotnet-apphost-pack-5-0-debuginfo
  • redhat-upgrade-dotnet-hostfxr-3-1
  • redhat-upgrade-dotnet-hostfxr-3-1-debuginfo
  • redhat-upgrade-dotnet-hostfxr-5-0
  • redhat-upgrade-dotnet-hostfxr-5-0-debuginfo
  • redhat-upgrade-dotnet-runtime-3-1
  • redhat-upgrade-dotnet-runtime-3-1-debuginfo
  • redhat-upgrade-dotnet-runtime-5-0
  • redhat-upgrade-dotnet-runtime-5-0-debuginfo
  • redhat-upgrade-dotnet-sdk-3-1
  • redhat-upgrade-dotnet-sdk-3-1-debuginfo
  • redhat-upgrade-dotnet-sdk-3-1-source-built-artifacts
  • redhat-upgrade-dotnet-sdk-5-0
  • redhat-upgrade-dotnet-sdk-5-0-debuginfo
  • redhat-upgrade-dotnet-sdk-5-0-source-built-artifacts
  • redhat-upgrade-dotnet-targeting-pack-3-1
  • redhat-upgrade-dotnet-targeting-pack-5-0
  • redhat-upgrade-dotnet-templates-3-1
  • redhat-upgrade-dotnet-templates-5-0
  • redhat-upgrade-dotnet3-1-debuginfo
  • redhat-upgrade-dotnet3-1-debugsource
  • redhat-upgrade-dotnet5-0-debuginfo
  • redhat-upgrade-dotnet5-0-debugsource
  • redhat-upgrade-python3-brotli
  • redhat-upgrade-python3-brotli-debuginfo
