58 matches found
CVE-2026-44432
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or...
RHSA-2026:2401 Red Hat Security Advisory: brotli security update
Bulletin has no description...
RHSA-2026:2229 Red Hat Security Advisory: brotli security update
Bulletin has no description...
RHSA-2026:0845 Red Hat Security Advisory: brotli security update
Bulletin has no description...
python311-Brotli-1.2.0-1.1 on GA media (moderate)
python311-Brotli-1.2.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15731-1 Rating: moderate Cross-References: CVE-2025-6176 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
EUVD-2020-0057
Malware in sbrugna...
BIT-POWERSHELL-2020-8927 Buffer overflow in Brotli library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
TencentOS Server 3: brotli (TSSA-2022:0118)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0118 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2020-36846
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a scrip...
SUSE CVE-2020-36846
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a scrip...
CVE-2020-36846
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a scrip...
CVE-2020-36846
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a scrip...
CVE-2020-36846
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a scrip...
CVE-2020-36846
CVE-2020-36846 maps to IO::Compress::Brotli using an embedded Brotli library vulnerable to a buffer overflow (CVE-2020-8927). Affected: IO::Compress::Brotli versions < 0.007 bundled with Brotli
Alibaba Cloud Linux 3 : 0118: brotli (ALINUX3-SA-2022:0118)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0118 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-8927: A buffer overflow exists in the Brot...
BIT-DOTNET-SDK-2020-8927 Buffer overflow in Brotli library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
BIT-DOTNET-2020-8927 Buffer overflow in Brotli library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
BIT-BROTLI-2020-8927 Buffer overflow in Brotli library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
Rocky Linux 8 : .NET 5.0 (RLSA-2022:0830)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0830 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression...