
4 matches found

RedHat Linux
added 2026/03/26 8:28 p.m., 54 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy is vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00509
Exploits: 0, References: 5
RedhatCVE
added 2025/11/20 9:56 p.m., 20 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00418
Exploits: 0, References: 1
NVD
added 2025/11/10 10:15 p.m., 3 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

CVSS: 7.5, EPSS: 0.00418
Exploits: 0, References: 8
CVE
added 2025/11/10 9:44 p.m., 14 views

CVE-2025-64508

CVE-2025-64508 affects Bugsink, a self-hosted error-tracking tool. In versions prior to 2.0.5, specially crafted Brotli streams (brotli bombs) can cause memory exhaustion when the server decompresses input before applying limits, enabling a Denial of Service if the DSN is known. The issue is expl...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00418
Exploits: 0, References: 8