CVE-2020-8927

{"id": "CVE-2020-8927", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-09-15T10:15:12.887", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://github.com/google/brotli/releases/tag/v1.0.9", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "source": "cve-coordination@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "source": "cve-coordination@google.com"}, {"url": "https://usn.ubuntu.com/4568-1/", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://www.debian.org/security/2020/dsa-4801", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-130"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."}, {"lang": "es", "value": "Se presenta un desbordamiento del b\u00fafer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petici\u00f3n de descompresi\u00f3n \"one-shot\" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de m\u00e1s de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versi\u00f3n 1.0.8 o posterior. Si no se puede actualizar, recomendamos usar la API \"streaming\" en lugar de la API \"one-shot\" e imponer l\u00edmites de tama\u00f1o de fragmentos"}], "lastModified": "2023-11-07T03:26:47.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A0C4F94-96AA-45AE-A3A6-55DE4FD744E3", "versionEndExcluding": "1.0.8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D986C83E-F055-4861-B3FC-D1AE2662A826", "versionEndIncluding": "5.0.14", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB57B616-F5BD-47B7-BBD0-AF58976CEE10", "versionEndIncluding": "3.1.22", "versionStartIncluding": "3.1"}, {"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77F72A4A-239D-4362-B42C-2B125FD977AB", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0"}, {"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C644EF-33B6-440F-8051-6A0D3C096F67", "versionEndExcluding": "7.1.6", "versionStartIncluding": "7.1"}, {"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1", "versionEndExcluding": "7.2.2", "versionStartIncluding": "7.2"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9984FFB-8AFA-438F-B762-B98649B64B23", "versionEndIncluding": "16.11", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "962BF425-75A7-4743-A3EA-275F8D66A00B", "versionEndIncluding": "17.0.7", "versionStartIncluding": "17.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950638D8-6997-4058-8A9E-6153A7FC3B32"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}