A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| compu-brotli-sys(crates.io) | 0 | 1.0.9 | N/A |
| Microsoft.NETCore.App.Runtime.linux-arm(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.linux-arm64(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-arm64(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.linux-x64(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.osx-x64(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.win-arm(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.win-arm64(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.win-x64(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.win-x86(NuGet) | 3.0.0 | 3.1.23 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-arm(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-arm64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.osx-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.browser-wasm(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.linux-arm(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.linux-arm64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-arm(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-arm64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.linux-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.osx-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.win-arm(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.win-arm64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.win-x64(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.win-x86(NuGet) | 5.0.0 | 5.0.15 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.browser-wasm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.linux-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.osx-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.osx-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvos-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.win-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.Mono.win-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.linux-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.linux-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.linux-musl-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.linux-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.osx-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.osx-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.win-arm(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.win-arm64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.win-x64(NuGet) | 6.0.0 | 6.0.3 | N/A |
| Microsoft.NETCore.App.Runtime.win-x86(NuGet) | 6.0.0 | 6.0.3 | N/A |
| brotli(PyPI) | 0 | 1.0.8 | N/A |
CVSS Metrics
