Description

A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

INFO

Published Date :

2025-05-30T00:50:28.582Z

Last Modified :

2025-05-30T22:01:41.998Z

Source :

CPANSec
AFFECTED PRODUCTS

The following products are affected by CVE-2020-36846 vulnerability.

Vendors Products
Google
  • Brotli
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-36846.

URL Resource
https://github.com/advisories/GHSA-5v8v-66v8-mwm7 cve-icon cve-icon
https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6 cve-icon cve-icon
https://github.com/google/brotli/pull/826 cve-icon cve-icon
https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-8927 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact