Executive Summary

Informations
Name CVE-2020-36846 First vendor Publication 2025-05-30
Vendor Cve Last vendor Modification 2025-05-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36846

Sources (Detail)

https://github.com/advisories/GHSA-5v8v-66v8-mwm7
https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
https://github.com/google/brotli/pull/826
https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e...
https://nvd.nist.gov/vuln/detail/CVE-2020-8927
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-05-31 05:20:33
  • Multiple Updates
2025-05-30 09:20:33
  • First insertion