gsd-2020-8927
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8927",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"id": "GSD-2020-8927",
"references": [
"https://www.suse.com/security/cve/CVE-2020-8927.html",
"https://www.debian.org/security/2020/dsa-4801",
"https://access.redhat.com/errata/RHSA-2021:1702",
"https://access.redhat.com/errata/RHSA-2022:0830",
"https://access.redhat.com/errata/RHSA-2022:0829",
"https://access.redhat.com/errata/RHSA-2022:0828",
"https://access.redhat.com/errata/RHSA-2022:0827",
"https://ubuntu.com/security/CVE-2020-8927",
"https://advisories.mageia.org/CVE-2020-8927.html",
"https://security.archlinux.org/CVE-2020-8927",
"https://linux.oracle.com/cve/CVE-2020-8927.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8927"
],
"details": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"id": "GSD-2020-8927",
"modified": "2023-12-13T01:21:53.897551Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8927",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Brotli library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brotli",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "stable",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jay Lv \u003cnengzhi.pnz@antgroup.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.8",
"affected_versions": "All versions before 1.0.8",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2020-12-02",
"description": "A buffer overflow exists in the Brotli library where an attacker controlling the input length of a one-shot decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.",
"fixed_versions": [
"1.0.9"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"CVE-2020-8927"
],
"not_impacted": "All versions starting from 1.0.8",
"package_slug": "conan/brotli",
"pubdate": "2020-09-15",
"solution": "Upgrade to version 1.0.9 or above.",
"title": "Buffer Overflow",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
],
"uuid": "8c793170-8c8b-4a88-8601-436bc0a7606b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "3cfb6c8e-6090-4583-a537-f53ec6c594ee"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d8d88d84-c627-450b-8727-29249183d1fa"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "13e11d03-ba1e-4493-a826-ed4af68d544d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "dc858289-2f7c-42a6-b31d-d41b61edc6ea"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "71184543-cf24-47b4-a51d-020b8547bc5e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9f7e1da4-45e4-4e60-bb5d-53a0e848aa8b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e72c8899-418b-4bdd-8b7d-3dafa9b30e71"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9812fad4-d2b2-422d-8c0d-73c108ad289b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2348d3e2-a6a2-4c63-8f13-aba0fb20934f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "039452b6-76c8-4380-bff7-5979278093d6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4fd27d65-d6f2-41fe-bd12-0ef8410137f1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9bd1b961-827b-40ce-b789-33f25e888831"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4aa5c258-b2ee-4002-bd89-7351fbed847f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4d3a7dee-3874-46e8-9a88-b99d02a2aa48"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8b19515e-c193-424e-a0b5-1e4de73ce258"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "af13c1e6-2230-4b4e-993c-64622a64b944"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "7b0ee75a-e60e-4213-a4e3-0f094e95e119"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "072eb70e-0224-443f-aa65-bd1fd1373d79"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e489fc5b-c4c6-4d4d-8d42-a6b7e9969334"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "27fc7862-1335-401e-ae86-b9fd7a163136"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "50477955-21c0-4aa0-b5b9-c9906d286184"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "b9b524ce-65bf-4dc9-8fb0-1c947be3eb40"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "429436d7-2afe-49b2-9fd7-254d05972059"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "020d3783-4649-400f-8396-abe017cc4572"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "cbe75b41-b671-440b-9a0a-eccecd08b731"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4e240a0c-b414-4ae3-9f86-a14c038785dd"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d84d4273-730e-40ad-99ea-1ebcf4a0c6e7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ed023747-4f59-40ba-bc9e-2a3256009f9c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c4d54248-7a02-4dd4-91f0-64bf7e003a2f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "7aa8f100-5fc7-446f-bd92-e6e0cbb5c0c5"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "5a60d28d-21ef-4923-9d5c-b3e70a9fc49e"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "42ccc8ec-dbe6-4b94-9e45-6da3d730b403"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c97454f2-c986-4390-ad5e-6029dd059c98"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "30b0035e-7c8e-4bd2-b5fb-73ccc9f4dea3"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8e7fdff4-e7ff-41bb-a05c-d2961ed7d5d8"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4808adf8-f4ac-4e3a-a66e-29efaa869a79"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2a890f83-3100-4055-a2d0-23670565ec47"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c775a827-b0bf-46fb-aac9-c82e496a4ccd"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ebf9cf13-c5fe-43d5-aa61-06796b541a4c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "5518f59a-8800-47dc-be56-19c78eff5316"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "817d3f8b-a6e6-4a3f-8a13-e9d3682f0a77"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f5f2c952-72e6-4c6e-93ac-6d0929227344"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "bb1dfd69-ddd3-4148-85f7-6be477b470d8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2bcebc38-b2ca-45c6-9a75-a59228e774f6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "93a1d6aa-4b01-4e34-98fd-66f56484c506"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "98b93b6b-09cd-43a1-b3fc-64627ee46862"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6353f8ad-f637-4a8b-b197-82c3bf53f1d7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "73fc4515-8c17-4454-84c1-dadac784702e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d53413bc-716d-4b9d-b8c5-a350486e6ac8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a64cc3e0-5904-46cc-952e-0970da3e7f85"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "81e46feb-52ee-4eb0-8bc4-6bd2f69942d1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "dc95542c-9b27-476b-a66c-6f2482966218"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "efa3028f-58b3-4fe5-9f65-c143c67e8ff2"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "bf0d54a6-c1ad-4043-a3e3-b90439ac5825"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "78c8e261-cb62-4819-b319-6b23337bb98a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9ccb2a7f-d38f-4fb6-b8ce-fbc41a14da87"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a75f46b5-f4bd-4ca9-8c27-91c1b8bd35b9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "65ab7edc-b0d9-4c0d-b4dc-4135d6b26e3e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "0bc5feb7-054b-43ac-822d-683976d74510"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2d190e54-75a8-4751-9dfd-dc42d01b332c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "b333fbe5-1ed4-40f8-94e1-13245ceb7e5b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "28664e0b-059e-4045-8588-f50407514dd3"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f312ee83-3c67-4ee3-b23a-3393757c15b0"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1d51c6d6-1f1f-4652-ac98-772f5cd16a69"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "b4434ef7-5b38-4a80-bc1e-64cbff62e10b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "dc81a0f1-a3a9-4f42-8f2f-10275a34ee40"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ccbebba2-82ea-49ff-809f-1c67d89bedc5"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1827f9ae-fd8f-4a60-b2dd-41a13e633536"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "87e01711-60fb-4271-ba3f-8c852fb94bbe"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "758e8466-a0b0-4fff-b9ba-122fbb0e4dde"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a406594c-31ba-40aa-9a89-50b5e5712d3a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f7d82f95-66fb-4a7a-9ae4-4dccced13a1a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "02b4a8d2-37d3-40fc-9942-56c1d684f553"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "fbb4d9d4-52a0-4849-92da-9da54f45e3b9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "3841ba2d-df7f-473b-b398-522d989c5b90"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6352df0c-eb73-4b50-89e8-814572da64b3"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "0e15ab07-5668-4e36-aef1-4e980a9daafc"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d7fb0dc2-dcf4-44c2-895e-7b42adc1782d"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d21deab9-3190-4fc3-b445-e797d65e261c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1c91c6e8-2d40-41b8-96b1-17065c9eb62a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a36c0b54-32cc-4fd0-955c-a4f8bfd46490"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e60ba79f-642b-4da6-8a32-888b260046a2"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8c32544d-f2c5-4c80-ad05-a0aac7cd02f8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f12b47aa-691e-489b-892b-9c5c2011ae34"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d28e1481-2d01-4b85-a95f-5f6ba9a651fe"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e27d4461-1fc7-4475-9d38-0d1204130d65"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6271e5b4-96e2-44b5-96f4-0aaa2dd89bca"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "033efd0f-5fcb-41eb-a19d-eda548ef5d32"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "467552f1-a189-4573-bd42-9c5e8ba989b6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "fafc6c39-0e05-4d07-93d1-a824b2519889"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "18fb1691-0571-4cdb-823a-0e4d9e20eaeb"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "29cc6f42-908a-4240-a149-9399b4bab215"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "05d55ba3-7d1d-4661-811b-0d1fc48a63e9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e46d6528-75c6-45da-ba4a-3ad52fa68cb6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6f9a3c82-99c7-41d0-b382-605d11c06001"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e236c808-d817-4af5-a94d-210b466bab74"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e47c739c-5e40-4564-af79-f638f75c68c9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d1bb85fe-a13f-45bc-9f73-3bb526560fea"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f96f2f17-9dc6-4e33-ad9d-6ace97b7ee2e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "55919a40-c2d3-45fe-ac8d-57d0796ca7a7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "49bc6a25-8f66-45a3-aa21-c9dad0db2355"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8256f040-bf1a-405f-a9f2-e7938c318be1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c0792999-3c30-43a7-b1c0-40d0eb017944"
},
{
"affected_range": "[5.0.0,5.0.15)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 5.0.15 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "625246b9-c53f-4aae-a849-8f0b3ea47337"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "512d072d-f164-45c6-88e1-1a0caa3dd99c"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1a087926-ffe8-450a-9410-b3964fa3d109"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ab1111f6-5ba4-463e-b475-fbc723c0d6d7"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "65832883-f345-4cff-9beb-dd5023718717"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e4c54761-10c7-41e6-9c7f-542975e9b393"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "68df4c81-ebe3-4558-a182-6f6cf108b304"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6ac76c67-6bbc-4d10-91ca-a222085b79df"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "0c600e02-0809-485c-a853-4e1905ab3eac"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "805fec2b-bf1e-454f-9b07-ae9b81dc4fdd"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8c1c0453-90ee-4b79-96b2-5a0ec97f709b"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d101aa73-1a4d-4b19-85dc-3be3d02bafec"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8fa5d563-01c8-4eaa-8aa8-30c0d22855b9"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.22",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1.6",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.11",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8927"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2022-04-22T18:53Z",
"publishedDate": "2020-09-15T10:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.