PT-2020-5809 · Google · Brotli Library

Published: 2020-08-10 · Updated: 2025-11-25 · CVE-2020-8927

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Brotli library versions prior to 1.0.8
Description: A buffer overflow exists in the Brotli library. An attacker who controls the input length of a "one-shot" decompression request to a script can trigger a crash; the overflow occurs when chunks of data larger than 2 GiB are copied. A remote attacker can exploit this issue to disrupt data integrity and cause a denial of service.
Recommendations: To resolve the issue, update the Brotli library to 1.0.8 or later. If updating is not possible, use the "streaming" API instead of the "one-shot" API and impose chunk size limits. For Rust users, migrate to the brotli crate, which provides a Rust implementation of Brotli compression and decompression that is not affected by this issue.

Fix

Weakness Enumeration: Buffer Overflow

Related Identifiers

ALSA-2021:1702
ALSA-2022:0827
ALSA-2022:0830
ALT-PU-2020-2738
ALT-PU-2022-1619
ALT-PU-2022-1620
ALT-PU-2022-1627
ALT-PU-2022-1628
ALT-PU-2022-1629
ALT-PU-2023-1307
ALT-PU-2023-1308
ALT-PU-2023-1464
ALT-PU-2023-1465
ALT-PU-2023-4713
ALT-PU-2025-2023
AZL-6341
BDU:2021-01775
BIT-BROTLI-2020-8927
BIT-DOTNET-2020-8927
BIT-DOTNET-SDK-2020-8927
BIT-POWERSHELL-2020-8927
CESA-2021_1702
CESA-2022_0827
CESA-2022_0830
CVE-2020-8927
DLA-2476-1
DSA-4801-1
GHSA-5V8V-66V8-MWM7
GO-2025-3726
MGASA-2020-0385
OPENSUSE-SU-2020:1578-1
OPENSUSE-SU-2020_1578-1
OPENSUSE-SU-2021:3942-1
OPENSUSE-SU-2021_3942-1
OPENSUSE-SU-2023_3827-1
OPENSUSE-SU-2024:11708-1
OPENSUSE-SU-2024:13224-1
OPENSUSE-SU-2024_1968-1
PYSEC-2020-29
RHSA-2021:1702
RHSA-2021_1702
RHSA-2022:0827
RHSA-2022:0828
RHSA-2022:0829
RHSA-2022:0830
RHSA-2022_0827
RHSA-2022_0830
RLSA-2021:1702
RLSA-2022:0827
RLSA-2022:0830
RUSTSEC-2021-0131
RUSTSEC-2021-0132
SUSE-SU-2021:3942-1
SUSE-SU-2021_3942-1
SUSE-SU-2023:3669-1
SUSE-SU-2023:3670-1
SUSE-SU-2023:3827-1
SUSE-SU-2023_3669-1
SUSE-SU-2023_3670-1
SUSE-SU-2023_3827-1
SUSE-SU-2024:1968-1
SUSE-SU-2024_1968-1
SUSE-SU-2025:01762-1
USN-4568-1

Affected Products

ALT Linux
AlmaLinux
Brotli Library
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu