Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-8927 (GCVE-0-2020-8927)
Vulnerability from cvelistv5 – Published: 2020-09-15 09:15 – Updated: 2024-08-04 10:12
VLAI?
EPSS
Title
Buffer overflow in Brotli library
Summary
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity ?
5.3 (Medium)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Brotli |
Affected:
stable , ≤ 1.0.7
(custom)
|
Credits
Jay Lv <nengzhi.pnz@antgroup.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brotli",
"vendor": "Google LLC",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jay Lv \u003cnengzhi.pnz@antgroup.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-27T04:06:10",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Buffer overflow in Brotli library",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8927",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Brotli library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brotli",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "stable",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jay Lv \u003cnengzhi.pnz@antgroup.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8927",
"datePublished": "2020-09-15T09:15:12",
"dateReserved": "2020-02-12T00:00:00",
"dateUpdated": "2024-08-04T10:12:11.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-8927\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2020-09-15T10:15:12.887\",\"lastModified\":\"2024-11-21T05:39:41.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \\\"one-shot\\\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \\\"streaming\\\" API as opposed to the \\\"one-shot\\\" API, and impose chunk size limits.\"},{\"lang\":\"es\",\"value\":\"Se presenta un desbordamiento del b\u00fafer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petici\u00f3n de descompresi\u00f3n \\\"one-shot\\\" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de m\u00e1s de 2 GiB .\u0026#xa0;Se recomienda actualizar su biblioteca de Brotli a la versi\u00f3n 1.0.8 o posterior.\u0026#xa0;Si no se puede actualizar, recomendamos usar la API \\\"streaming\\\" en lugar de la API \\\"one-shot\\\" e imponer l\u00edmites de tama\u00f1o de fragmentos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-130\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.8\",\"matchCriteriaId\":\"3A0C4F94-96AA-45AE-A3A6-55DE4FD744E3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"5.0.14\",\"matchCriteriaId\":\"D986C83E-F055-4861-B3FC-D1AE2662A826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndIncluding\":\"3.1.22\",\"matchCriteriaId\":\"EB57B616-F5BD-47B7-BBD0-AF58976CEE10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.0.9\",\"matchCriteriaId\":\"77F72A4A-239D-4362-B42C-2B125FD977AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1\",\"versionEndExcluding\":\"7.1.6\",\"matchCriteriaId\":\"A2C644EF-33B6-440F-8051-6A0D3C096F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"versionEndExcluding\":\"7.2.2\",\"matchCriteriaId\":\"CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"16.11\",\"matchCriteriaId\":\"C9984FFB-8AFA-438F-B762-B98649B64B23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndIncluding\":\"17.0.7\",\"matchCriteriaId\":\"962BF425-75A7-4743-A3EA-275F8D66A00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950638D8-6997-4058-8A9E-6153A7FC3B32\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/brotli/releases/tag/v1.0.9\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://usn.ubuntu.com/4568-1/\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4801\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/brotli/releases/tag/v1.0.9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4568-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2024:11708-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cargo-audit-advisory-db-20220105-1.1 on GA media
Notes
Title of the patch
cargo-audit-advisory-db-20220105-1.1 on GA media
Description of the patch
These are all security issues fixed in the cargo-audit-advisory-db-20220105-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11708
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-audit-advisory-db-20220105-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-audit-advisory-db-20220105-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11708",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11708-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "cargo-audit-advisory-db-20220105-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11708-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20220105-1.1.aarch64",
"product": {
"name": "cargo-audit-advisory-db-20220105-1.1.aarch64",
"product_id": "cargo-audit-advisory-db-20220105-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20220105-1.1.ppc64le",
"product": {
"name": "cargo-audit-advisory-db-20220105-1.1.ppc64le",
"product_id": "cargo-audit-advisory-db-20220105-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20220105-1.1.s390x",
"product": {
"name": "cargo-audit-advisory-db-20220105-1.1.s390x",
"product_id": "cargo-audit-advisory-db-20220105-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20220105-1.1.x86_64",
"product": {
"name": "cargo-audit-advisory-db-20220105-1.1.x86_64",
"product_id": "cargo-audit-advisory-db-20220105-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20220105-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64"
},
"product_reference": "cargo-audit-advisory-db-20220105-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20220105-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le"
},
"product_reference": "cargo-audit-advisory-db-20220105-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20220105-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x"
},
"product_reference": "cargo-audit-advisory-db-20220105-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20220105-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64"
},
"product_reference": "cargo-audit-advisory-db-20220105-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
OPENSUSE-SU-2020:1578-1
Vulnerability from csaf_opensuse - Published: 2020-09-29 18:12 - Updated: 2020-09-29 18:12Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
brotli was updated to 1.0.9:
* CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB [boo#1175825]
* `brotli -v` now reports raw / compressed size
* decoder: minor speed / memory usage improvements
* encoder: fix rare access to uninitialized data in ring-buffer
Patchnames
openSUSE-2020-1578
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for brotli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for brotli fixes the following issues:\n\nbrotli was updated to 1.0.9:\n\n* CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB [boo#1175825]\n* `brotli -v` now reports raw / compressed size\n* decoder: minor speed / memory usage improvements\n* encoder: fix rare access to uninitialized data in ring-buffer\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1578",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1578-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1578-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/25MTVVM73V6W35S5ZGOBWISPZIE3DXIJ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1578-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/25MTVVM73V6W35S5ZGOBWISPZIE3DXIJ/"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for brotli",
"tracking": {
"current_release_date": "2020-09-29T18:12:59Z",
"generator": {
"date": "2020-09-29T18:12:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1578-1",
"initial_release_date": "2020-09-29T18:12:59Z",
"revision_history": [
{
"date": "2020-09-29T18:12:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.9-lp152.2.3.1.i586",
"product": {
"name": "brotli-1.0.9-lp152.2.3.1.i586",
"product_id": "brotli-1.0.9-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.9-lp152.2.3.1.i586",
"product": {
"name": "libbrotli-devel-1.0.9-lp152.2.3.1.i586",
"product_id": "libbrotli-devel-1.0.9-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.9-lp152.2.3.1.i586",
"product": {
"name": "libbrotlicommon1-1.0.9-lp152.2.3.1.i586",
"product_id": "libbrotlicommon1-1.0.9-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.9-lp152.2.3.1.i586",
"product": {
"name": "libbrotlidec1-1.0.9-lp152.2.3.1.i586",
"product_id": "libbrotlidec1-1.0.9-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.9-lp152.2.3.1.i586",
"product": {
"name": "libbrotlienc1-1.0.9-lp152.2.3.1.i586",
"product_id": "libbrotlienc1-1.0.9-lp152.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "brotli-1.0.9-lp152.2.3.1.x86_64",
"product_id": "brotli-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64",
"product": {
"name": "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64",
"product_id": "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586"
},
"product_reference": "brotli-1.0.9-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "brotli-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586"
},
"product_reference": "libbrotli-devel-1.0.9-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586"
},
"product_reference": "libbrotlicommon1-1.0.9-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586"
},
"product_reference": "libbrotlidec1-1.0.9-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586"
},
"product_reference": "libbrotlienc1-1.0.9-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64"
},
"product_reference": "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586",
"openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-29T18:12:59Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
OPENSUSE-SU-2021:3942-1
Vulnerability from csaf_opensuse - Published: 2021-12-06 13:46 - Updated: 2021-12-06 13:46Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
openSUSE-SLE-15.3-2021-3942
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for brotli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-3942",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3942-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:3942-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EBYPFIZJBUFNGB65ETC2USVDXZRAANZW/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:3942-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EBYPFIZJBUFNGB65ETC2USVDXZRAANZW/"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for brotli",
"tracking": {
"current_release_date": "2021-12-06T13:46:28Z",
"generator": {
"date": "2021-12-06T13:46:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:3942-1",
"initial_release_date": "2021-12-06T13:46:28Z",
"revision_history": [
{
"date": "2021-12-06T13:46:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.aarch64",
"product": {
"name": "brotli-1.0.7-3.3.1.aarch64",
"product_id": "brotli-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"product_id": "libbrotli-devel-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlidec1-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlienc1-1.0.7-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.ppc64le",
"product": {
"name": "brotli-1.0.7-3.3.1.ppc64le",
"product_id": "brotli-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotli-devel-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotlidec1-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotlienc1-1.0.7-3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.s390x",
"product": {
"name": "brotli-1.0.7-3.3.1.s390x",
"product_id": "brotli-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.s390x",
"product_id": "libbrotli-devel-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlidec1-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlienc1-1.0.7-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.x86_64",
"product": {
"name": "brotli-1.0.7-3.3.1.x86_64",
"product_id": "brotli-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"product_id": "libbrotli-devel-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlidec1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlienc1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64"
},
"product_reference": "brotli-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le"
},
"product_reference": "brotli-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x"
},
"product_reference": "brotli-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64"
},
"product_reference": "brotli-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x",
"openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64",
"openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-06T13:46:28Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
OPENSUSE-SU-2024:13224-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python310-Brotli-1.1.0-1.1 on GA media
Notes
Title of the patch
python310-Brotli-1.1.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-Brotli-1.1.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13224
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-Brotli-1.1.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-Brotli-1.1.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13224",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13224-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "python310-Brotli-1.1.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13224-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-Brotli-1.1.0-1.1.aarch64",
"product": {
"name": "python310-Brotli-1.1.0-1.1.aarch64",
"product_id": "python310-Brotli-1.1.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Brotli-1.1.0-1.1.aarch64",
"product": {
"name": "python311-Brotli-1.1.0-1.1.aarch64",
"product_id": "python311-Brotli-1.1.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-Brotli-1.1.0-1.1.aarch64",
"product": {
"name": "python39-Brotli-1.1.0-1.1.aarch64",
"product_id": "python39-Brotli-1.1.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Brotli-1.1.0-1.1.ppc64le",
"product": {
"name": "python310-Brotli-1.1.0-1.1.ppc64le",
"product_id": "python310-Brotli-1.1.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Brotli-1.1.0-1.1.ppc64le",
"product": {
"name": "python311-Brotli-1.1.0-1.1.ppc64le",
"product_id": "python311-Brotli-1.1.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-Brotli-1.1.0-1.1.ppc64le",
"product": {
"name": "python39-Brotli-1.1.0-1.1.ppc64le",
"product_id": "python39-Brotli-1.1.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Brotli-1.1.0-1.1.s390x",
"product": {
"name": "python310-Brotli-1.1.0-1.1.s390x",
"product_id": "python310-Brotli-1.1.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Brotli-1.1.0-1.1.s390x",
"product": {
"name": "python311-Brotli-1.1.0-1.1.s390x",
"product_id": "python311-Brotli-1.1.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-Brotli-1.1.0-1.1.s390x",
"product": {
"name": "python39-Brotli-1.1.0-1.1.s390x",
"product_id": "python39-Brotli-1.1.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Brotli-1.1.0-1.1.x86_64",
"product": {
"name": "python310-Brotli-1.1.0-1.1.x86_64",
"product_id": "python310-Brotli-1.1.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Brotli-1.1.0-1.1.x86_64",
"product": {
"name": "python311-Brotli-1.1.0-1.1.x86_64",
"product_id": "python311-Brotli-1.1.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-Brotli-1.1.0-1.1.x86_64",
"product": {
"name": "python39-Brotli-1.1.0-1.1.x86_64",
"product_id": "python39-Brotli-1.1.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Brotli-1.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64"
},
"product_reference": "python310-Brotli-1.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Brotli-1.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le"
},
"product_reference": "python310-Brotli-1.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Brotli-1.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x"
},
"product_reference": "python310-Brotli-1.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Brotli-1.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64"
},
"product_reference": "python310-Brotli-1.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Brotli-1.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64"
},
"product_reference": "python311-Brotli-1.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Brotli-1.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le"
},
"product_reference": "python311-Brotli-1.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Brotli-1.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x"
},
"product_reference": "python311-Brotli-1.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Brotli-1.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64"
},
"product_reference": "python311-Brotli-1.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Brotli-1.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64"
},
"product_reference": "python39-Brotli-1.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Brotli-1.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le"
},
"product_reference": "python39-Brotli-1.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Brotli-1.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x"
},
"product_reference": "python39-Brotli-1.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Brotli-1.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64"
},
"product_reference": "python39-Brotli-1.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x",
"openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
PYSEC-2020-29
Vulnerability from pysec - Published: 2020-09-15 10:15 - Updated: 2020-12-02 12:15
VLAI?
Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Impacted products
| Name | purl | brotli | pkg:pypi/brotli |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "brotli",
"purl": "pkg:pypi/brotli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.5.2",
"0.6.0",
"1.0.1",
"1.0.4",
"1.0.6",
"1.0.7"
]
}
],
"aliases": [
"CVE-2020-8927"
],
"details": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"id": "PYSEC-2020-29",
"modified": "2020-12-02T12:15:00Z",
"published": "2020-09-15T10:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"type": "ADVISORY",
"url": "https://www.debian.org/security/2020/dsa-4801"
}
]
}
SUSE-SU-2023:3670-1
Vulnerability from csaf_suse - Published: 2023-09-19 09:50 - Updated: 2023-09-19 09:50Summary
Security update for python-brotlipy
Notes
Title of the patch
Security update for python-brotlipy
Description of the patch
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2023-3670,SUSE-SLE-Module-Public-Cloud-12-2023-3670
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-brotlipy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-brotlipy fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3670,SUSE-SLE-Module-Public-Cloud-12-2023-3670",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3670-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3670-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233670-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3670-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031549.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for python-brotlipy",
"tracking": {
"current_release_date": "2023-09-19T09:50:34Z",
"generator": {
"date": "2023-09-19T09:50:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3670-1",
"initial_release_date": "2023-09-19T09:50:34Z",
"revision_history": [
{
"date": "2023-09-19T09:50:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-brotlipy-0.6.0-2.6.1.aarch64",
"product": {
"name": "python-brotlipy-0.6.0-2.6.1.aarch64",
"product_id": "python-brotlipy-0.6.0-2.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.6.0-2.6.1.aarch64",
"product": {
"name": "python3-brotlipy-0.6.0-2.6.1.aarch64",
"product_id": "python3-brotlipy-0.6.0-2.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-brotlipy-0.6.0-2.6.1.i586",
"product": {
"name": "python-brotlipy-0.6.0-2.6.1.i586",
"product_id": "python-brotlipy-0.6.0-2.6.1.i586"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.6.0-2.6.1.i586",
"product": {
"name": "python3-brotlipy-0.6.0-2.6.1.i586",
"product_id": "python3-brotlipy-0.6.0-2.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-brotlipy-0.6.0-2.6.1.ppc64le",
"product": {
"name": "python-brotlipy-0.6.0-2.6.1.ppc64le",
"product_id": "python-brotlipy-0.6.0-2.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.6.0-2.6.1.ppc64le",
"product": {
"name": "python3-brotlipy-0.6.0-2.6.1.ppc64le",
"product_id": "python3-brotlipy-0.6.0-2.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-brotlipy-0.6.0-2.6.1.s390",
"product": {
"name": "python-brotlipy-0.6.0-2.6.1.s390",
"product_id": "python-brotlipy-0.6.0-2.6.1.s390"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.6.0-2.6.1.s390",
"product": {
"name": "python3-brotlipy-0.6.0-2.6.1.s390",
"product_id": "python3-brotlipy-0.6.0-2.6.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "python-brotlipy-0.6.0-2.6.1.s390x",
"product": {
"name": "python-brotlipy-0.6.0-2.6.1.s390x",
"product_id": "python-brotlipy-0.6.0-2.6.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.6.0-2.6.1.s390x",
"product": {
"name": "python3-brotlipy-0.6.0-2.6.1.s390x",
"product_id": "python3-brotlipy-0.6.0-2.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-brotlipy-0.6.0-2.6.1.x86_64",
"product": {
"name": "python-brotlipy-0.6.0-2.6.1.x86_64",
"product_id": "python-brotlipy-0.6.0-2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.6.0-2.6.1.x86_64",
"product": {
"name": "python3-brotlipy-0.6.0-2.6.1.x86_64",
"product_id": "python3-brotlipy-0.6.0-2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-brotlipy-0.6.0-2.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64"
},
"product_reference": "python-brotlipy-0.6.0-2.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-brotlipy-0.6.0-2.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le"
},
"product_reference": "python-brotlipy-0.6.0-2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-brotlipy-0.6.0-2.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x"
},
"product_reference": "python-brotlipy-0.6.0-2.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-brotlipy-0.6.0-2.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64"
},
"product_reference": "python-brotlipy-0.6.0-2.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.6.0-2.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64"
},
"product_reference": "python3-brotlipy-0.6.0-2.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.6.0-2.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.6.0-2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.6.0-2.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x"
},
"product_reference": "python3-brotlipy-0.6.0-2.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.6.0-2.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64"
},
"product_reference": "python3-brotlipy-0.6.0-2.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-19T09:50:34Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
SUSE-SU-2024:1968-1
Vulnerability from csaf_suse - Published: 2024-06-10 18:04 - Updated: 2024-06-10 18:04Summary
Security update for python-Brotli
Notes
Title of the patch
Security update for python-Brotli
Description of the patch
This update for python-Brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825)
Patchnames
SUSE-2024-1968,SUSE-SLE-Module-Python3-15-SP6-2024-1968,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1968,openSUSE-SLE-15.5-2024-1968
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Brotli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1968,SUSE-SLE-Module-Python3-15-SP6-2024-1968,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1968,openSUSE-SLE-15.5-2024-1968",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1968-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1968-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241968-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1968-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-June/035525.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for python-Brotli",
"tracking": {
"current_release_date": "2024-06-10T18:04:25Z",
"generator": {
"date": "2024-06-10T18:04:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1968-1",
"initial_release_date": "2024-06-10T18:04:25Z",
"revision_history": [
{
"date": "2024-06-10T18:04:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-Brotli-1.0.7-150200.3.3.1.aarch64",
"product": {
"name": "python2-Brotli-1.0.7-150200.3.3.1.aarch64",
"product_id": "python2-Brotli-1.0.7-150200.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"product": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"product_id": "python3-Brotli-1.0.7-150200.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-Brotli-1.0.7-150200.3.3.1.i586",
"product": {
"name": "python2-Brotli-1.0.7-150200.3.3.1.i586",
"product_id": "python2-Brotli-1.0.7-150200.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python3-Brotli-1.0.7-150200.3.3.1.i586",
"product": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.i586",
"product_id": "python3-Brotli-1.0.7-150200.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-Brotli-1.0.7-150200.3.3.1.ppc64le",
"product": {
"name": "python2-Brotli-1.0.7-150200.3.3.1.ppc64le",
"product_id": "python2-Brotli-1.0.7-150200.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"product": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"product_id": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-Brotli-1.0.7-150200.3.3.1.s390x",
"product": {
"name": "python2-Brotli-1.0.7-150200.3.3.1.s390x",
"product_id": "python2-Brotli-1.0.7-150200.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Brotli-1.0.7-150200.3.3.1.s390x",
"product": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.s390x",
"product_id": "python3-Brotli-1.0.7-150200.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-Brotli-1.0.7-150200.3.3.1.x86_64",
"product": {
"name": "python2-Brotli-1.0.7-150200.3.3.1.x86_64",
"product_id": "python2-Brotli-1.0.7-150200.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"product": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"product_id": "python3-Brotli-1.0.7-150200.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Brotli-1.0.7-150200.3.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64"
},
"product_reference": "python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x",
"openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T18:04:25Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
SUSE-SU-2023:3827-1
Vulnerability from csaf_suse - Published: 2023-09-27 17:03 - Updated: 2023-09-27 17:03Summary
Security update for python-brotlipy
Notes
Title of the patch
Security update for python-brotlipy
Description of the patch
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3827,openSUSE-SLE-15.4-2023-3827,openSUSE-SLE-15.5-2023-3827
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-brotlipy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-brotlipy fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3827,openSUSE-SLE-15.4-2023-3827,openSUSE-SLE-15.5-2023-3827",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3827-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3827-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233827-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3827-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031738.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for python-brotlipy",
"tracking": {
"current_release_date": "2023-09-27T17:03:32Z",
"generator": {
"date": "2023-09-27T17:03:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3827-1",
"initial_release_date": "2023-09-27T17:03:32Z",
"revision_history": [
{
"date": "2023-09-27T17:03:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150300.3.3.1.aarch64",
"product": {
"name": "python2-brotlipy-0.7.0-150300.3.3.1.aarch64",
"product_id": "python2-brotlipy-0.7.0-150300.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"product": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"product_id": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150300.3.3.1.i586",
"product": {
"name": "python2-brotlipy-0.7.0-150300.3.3.1.i586",
"product_id": "python2-brotlipy-0.7.0-150300.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150300.3.3.1.i586",
"product": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.i586",
"product_id": "python3-brotlipy-0.7.0-150300.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"product": {
"name": "python2-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"product_id": "python2-brotlipy-0.7.0-150300.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"product": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"product_id": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150300.3.3.1.s390x",
"product": {
"name": "python2-brotlipy-0.7.0-150300.3.3.1.s390x",
"product_id": "python2-brotlipy-0.7.0-150300.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"product": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"product_id": "python3-brotlipy-0.7.0-150300.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150300.3.3.1.x86_64",
"product": {
"name": "python2-brotlipy-0.7.0-150300.3.3.1.x86_64",
"product_id": "python2-brotlipy-0.7.0-150300.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"product": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"product_id": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x",
"openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-27T17:03:32Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
SUSE-SU-2021:3942-1
Vulnerability from csaf_suse - Published: 2021-12-06 13:46 - Updated: 2021-12-06 13:46Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2021-3942,SUSE-SLE-Module-Basesystem-15-SP2-2021-3942,SUSE-SLE-Module-Basesystem-15-SP3-2021-3942
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for brotli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3942,SUSE-SLE-Module-Basesystem-15-SP2-2021-3942,SUSE-SLE-Module-Basesystem-15-SP3-2021-3942",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3942-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3942-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213942-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3942-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009849.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for brotli",
"tracking": {
"current_release_date": "2021-12-06T13:46:22Z",
"generator": {
"date": "2021-12-06T13:46:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3942-1",
"initial_release_date": "2021-12-06T13:46:22Z",
"revision_history": [
{
"date": "2021-12-06T13:46:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.aarch64",
"product": {
"name": "brotli-1.0.7-3.3.1.aarch64",
"product_id": "brotli-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"product_id": "libbrotli-devel-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlidec1-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlienc1-1.0.7-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libbrotlicommon1-64bit-1.0.7-3.3.1.aarch64_ilp32",
"product": {
"name": "libbrotlicommon1-64bit-1.0.7-3.3.1.aarch64_ilp32",
"product_id": "libbrotlicommon1-64bit-1.0.7-3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-64bit-1.0.7-3.3.1.aarch64_ilp32",
"product": {
"name": "libbrotlidec1-64bit-1.0.7-3.3.1.aarch64_ilp32",
"product_id": "libbrotlidec1-64bit-1.0.7-3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-64bit-1.0.7-3.3.1.aarch64_ilp32",
"product": {
"name": "libbrotlienc1-64bit-1.0.7-3.3.1.aarch64_ilp32",
"product_id": "libbrotlienc1-64bit-1.0.7-3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.i586",
"product": {
"name": "brotli-1.0.7-3.3.1.i586",
"product_id": "brotli-1.0.7-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.i586",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.i586",
"product_id": "libbrotli-devel-1.0.7-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.i586",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.i586",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.i586",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.i586",
"product_id": "libbrotlidec1-1.0.7-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.i586",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.i586",
"product_id": "libbrotlienc1-1.0.7-3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.ppc64le",
"product": {
"name": "brotli-1.0.7-3.3.1.ppc64le",
"product_id": "brotli-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotli-devel-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotlidec1-1.0.7-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"product_id": "libbrotlienc1-1.0.7-3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.s390x",
"product": {
"name": "brotli-1.0.7-3.3.1.s390x",
"product_id": "brotli-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.s390x",
"product_id": "libbrotli-devel-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlidec1-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlienc1-1.0.7-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-1.0.7-3.3.1.x86_64",
"product": {
"name": "brotli-1.0.7-3.3.1.x86_64",
"product_id": "brotli-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"product_id": "libbrotli-devel-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlidec1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlienc1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotli-devel-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotli-devel-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlienc1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlienc1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-06T13:46:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
SUSE-SU-2023:3669-1
Vulnerability from csaf_suse - Published: 2023-09-19 09:50 - Updated: 2023-09-19 09:50Summary
Security update for python-brotlipy
Notes
Title of the patch
Security update for python-brotlipy
Description of the patch
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3669
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-brotlipy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-brotlipy fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3669",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3669-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3669-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233669-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3669-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031550.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for python-brotlipy",
"tracking": {
"current_release_date": "2023-09-19T09:50:19Z",
"generator": {
"date": "2023-09-19T09:50:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3669-1",
"initial_release_date": "2023-09-19T09:50:19Z",
"revision_history": [
{
"date": "2023-09-19T09:50:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150100.3.6.1.aarch64",
"product": {
"name": "python2-brotlipy-0.7.0-150100.3.6.1.aarch64",
"product_id": "python2-brotlipy-0.7.0-150100.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"product": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"product_id": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150100.3.6.1.i586",
"product": {
"name": "python2-brotlipy-0.7.0-150100.3.6.1.i586",
"product_id": "python2-brotlipy-0.7.0-150100.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150100.3.6.1.i586",
"product": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.i586",
"product_id": "python3-brotlipy-0.7.0-150100.3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"product": {
"name": "python2-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"product_id": "python2-brotlipy-0.7.0-150100.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"product": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"product_id": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150100.3.6.1.s390x",
"product": {
"name": "python2-brotlipy-0.7.0-150100.3.6.1.s390x",
"product_id": "python2-brotlipy-0.7.0-150100.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"product": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"product_id": "python3-brotlipy-0.7.0-150100.3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-brotlipy-0.7.0-150100.3.6.1.x86_64",
"product": {
"name": "python2-brotlipy-0.7.0-150100.3.6.1.x86_64",
"product_id": "python2-brotlipy-0.7.0-150100.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"product": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"product_id": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64"
},
"product_reference": "python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-19T09:50:19Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
SUSE-SU-2025:01762-1
Vulnerability from csaf_suse - Published: 2025-05-29 20:55 - Updated: 2025-05-29 20:55Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2025-1762,SUSE-SUSE-MicroOS-5.1-2025-1762
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for brotli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1762,SUSE-SUSE-MicroOS-5.1-2025-1762",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01762-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01762-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501762-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01762-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039454.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175825",
"url": "https://bugzilla.suse.com/1175825"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8927 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8927/"
}
],
"title": "Security update for brotli",
"tracking": {
"current_release_date": "2025-05-29T20:55:26Z",
"generator": {
"date": "2025-05-29T20:55:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01762-1",
"initial_release_date": "2025-05-29T20:55:26Z",
"revision_history": [
{
"date": "2025-05-29T20:55:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"product_id": "libbrotlidec1-1.0.7-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.s390x",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x",
"product_id": "libbrotlidec1-1.0.7-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlicommon1-1.0.7-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"product": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"product_id": "libbrotlidec1-1.0.7-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlicommon1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.aarch64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.s390x"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.x86_64"
},
"product_reference": "libbrotlidec1-1.0.7-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8927"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8927",
"url": "https://www.suse.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-8927",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T20:55:26Z",
"details": "moderate"
}
],
"title": "CVE-2020-8927"
}
]
}
VAR-202009-1442
Vulnerability from variot - Updated: 2025-12-22 21:19A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Security:
-
fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
-
fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
-
nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
-
redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
-
redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-
-u- extension (CVE-2020-28851)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
-
oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
-
redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
nodejs-lodash: command injection via template (CVE-2021-23337)
-
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
-
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
-
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
-
nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
-
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
-
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
-
nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
-
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
-
normalize-url: ReDoS for data URLs (CVE-2021-33502)
-
nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
-
html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
-
openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Bugs:
-
RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
-
cluster became offline after apiserver health check (BZ# 1942589)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters
-
8) - aarch64, ppc64le, s390x, x86_64
-
Description:
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0828-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0828 Issue date: 2022-03-10 CVE Names: CVE-2020-8927 CVE-2022-24464 CVE-2022-24512 =====================================================================
- Summary:
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.212-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.212-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.212-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.212-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.212-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.212-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.212-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYippUdzjgjWX9erEAQg6EQ/9GK6dbQFH49s64Guq+KocIoDILIOqShN4 nejZWh+57tXkC+y+zLAPHMeF3+lqwb7RHk11oBbBxTMJirrrDLno0WjRRxFZHphL 1uc0g1N3kuB0OQmNK483zSJ+Yov8GgXNHVPkZE+CYbcOgJo+gQ4xexQKYXh75isv NoPROvTiJlFg5+5746sQBsMF7QOnQmtlJgTkpN+FZuCGBVyyKCezb/eAIZqeqIzj iO+UHFrjcfBOT9+Jw/Vq4LVunTjFnjzVUaQRJZd5muVu8hRmKI3TFZ1dFHvUHob6 OcP6TN35YqgSD28TmO9ZfPyYMoXBmp1hFNFPKy4PevMKoHZSKEIh8Bs8V3AupsXA M7DDaPIoCNlX2G7a++ExmqqvDomKNCA6E5sc+4AOaC3B2buP/WvquQnuDpWHJG5W KsRM++yGpkNtsLIMeflQgN0FRNeH+A0bbaR/g0F+KmO6ihQipE2dCBlJ0kEjSass HETuuQfAf9+GvN3Z/LEOBgknNYNbh/87G25ZZQ81ju06xXqn4AxayWOd5uk2Kt4J HJk3FTBc8AOr5JWZX12YTPw0zbqXkc71rL2FjSUes9iiN+qhI78X6Y93hA0ASTl7 MQOVqjyb6hFyXCGvlTEMk9cIbnpT2uOXmuuHAHyWJYmZzzKSsqp6L3JZ3DbiD8oU lCHDu8J+LH4= =Chyt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2.2"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.9"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1.6"
},
{
"model": "brotli",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "1.0.8"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "visual studio 2022",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.7"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.22"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
}
],
"trust": 1.4
},
"cve": "CVE-2020-8927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8927",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8927",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve-coordination@google.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8927",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8927",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve-coordination@google.com",
"id": "CVE-2020-8927",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-910",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8927",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nBrotli is a generic-purpose lossless compression algorithm that compresses\ndata using a combination of a modern variant of the LZ77 algorithm, Huffman\ncoding and 2nd order context modeling, with a compression ratio comparable\nto the best currently available general-purpose compression methods. It is\nsimilar in speed with deflate but offers more dense compression. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:0828-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0828\nIssue date: 2022-03-10\nCVE Names: CVE-2020-8927 CVE-2022-24464 CVE-2022-24512 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET 5.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 5.0.212 and .NET Runtime\n5.0.15. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB\n(CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB\n2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader\n2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.212-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.212-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.212-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.212-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.212-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.15-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.212-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.212-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2022-24464\nhttps://access.redhat.com/security/cve/CVE-2022-24512\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippUdzjgjWX9erEAQg6EQ/9GK6dbQFH49s64Guq+KocIoDILIOqShN4\nnejZWh+57tXkC+y+zLAPHMeF3+lqwb7RHk11oBbBxTMJirrrDLno0WjRRxFZHphL\n1uc0g1N3kuB0OQmNK483zSJ+Yov8GgXNHVPkZE+CYbcOgJo+gQ4xexQKYXh75isv\nNoPROvTiJlFg5+5746sQBsMF7QOnQmtlJgTkpN+FZuCGBVyyKCezb/eAIZqeqIzj\niO+UHFrjcfBOT9+Jw/Vq4LVunTjFnjzVUaQRJZd5muVu8hRmKI3TFZ1dFHvUHob6\nOcP6TN35YqgSD28TmO9ZfPyYMoXBmp1hFNFPKy4PevMKoHZSKEIh8Bs8V3AupsXA\nM7DDaPIoCNlX2G7a++ExmqqvDomKNCA6E5sc+4AOaC3B2buP/WvquQnuDpWHJG5W\nKsRM++yGpkNtsLIMeflQgN0FRNeH+A0bbaR/g0F+KmO6ihQipE2dCBlJ0kEjSass\nHETuuQfAf9+GvN3Z/LEOBgknNYNbh/87G25ZZQ81ju06xXqn4AxayWOd5uk2Kt4J\nHJk3FTBc8AOr5JWZX12YTPw0zbqXkc71rL2FjSUes9iiN+qhI78X6Y93hA0ASTl7\nMQOVqjyb6hFyXCGvlTEMk9cIbnpT2uOXmuuHAHyWJYmZzzKSsqp6L3JZ3DbiD8oU\nlCHDu8J+LH4=\n=Chyt\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8927"
},
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "166269"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8927",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "162688",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166269",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021062703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030848",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031025",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052033",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092220",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3444",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4127",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4058",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1866",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1820",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1015",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4267",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3141",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1723",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2365",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166270",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159471",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164192",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8927",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"id": "VAR-202009-1442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-12-22T21:19:12.320000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "brotli Library Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=129230"
},
{
"title": "Debian Security Advisories: DSA-4801-1 brotli -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7570b9060b84ef3d6e40a2c027a64477"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220829 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220827 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220828 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220830 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-202009-13] brotli: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202009-13"
},
{
"title": "Arch Linux Advisories: [ASA-202009-12] lib32-brotli: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202009-12"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8927 log"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "CloudGuard-ShiftLeft-CICD-AWS",
"trust": 0.1,
"url": "https://github.com/jaydenaung/CloudGuard-ShiftLeft-CICD-AWS "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-130",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"trust": 1.7,
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w23cuadgmvmqqnfkhphxvp7rpzjznn6i/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/j4e265wkwkymk2ryysixbegztdy5iqe6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356joytww4bwsz42seflv7nyhl3s3aeh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ww62ozey2ghjl4jcoljrbsretxdhmwrk/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m4vcdojgl6bk3hb4xrd2wetbpyx2itf6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mmbkacmlsrx7jjskbtr35uoep2wfr6qp/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mmbkacmlsrx7jjskbtr35uoep2wfr6qp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ww62ozey2ghjl4jcoljrbsretxdhmwrk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m4vcdojgl6bk3hb4xrd2wetbpyx2itf6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/j4e265wkwkymk2ryysixbegztdy5iqe6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w23cuadgmvmqqnfkhphxvp7rpzjznn6i/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356joytww4bwsz42seflv7nyhl3s3aeh/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/"
},
{
"trust": 0.7,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-8927"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/brotli-buffer-overflow-via-one-shot-decompression-request-33450"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1015"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1723"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052033"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4127"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3444/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166270/red-hat-security-advisory-2022-0827-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030848"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166269/red-hat-security-advisory-2022-0828-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159471/ubuntu-security-notice-usn-4568-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4267/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162688/red-hat-security-advisory-2021-1702-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031025"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14345"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14344"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29477"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1702"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14356"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27786"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0431"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35508"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15437"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24512"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"date": "2022-08-09T14:36:05",
"db": "PACKETSTORM",
"id": "168011"
},
{
"date": "2021-08-11T16:15:17",
"db": "PACKETSTORM",
"id": "163789"
},
{
"date": "2021-08-06T14:02:37",
"db": "PACKETSTORM",
"id": "163747"
},
{
"date": "2021-05-19T14:17:57",
"db": "PACKETSTORM",
"id": "162688"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-06-24T17:54:53",
"db": "PACKETSTORM",
"id": "163276"
},
{
"date": "2021-06-01T14:45:29",
"db": "PACKETSTORM",
"id": "162877"
},
{
"date": "2022-03-11T16:33:04",
"db": "PACKETSTORM",
"id": "166269"
},
{
"date": "2020-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-910"
},
{
"date": "2020-09-15T10:15:12.887000",
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"date": "2023-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-910"
},
{
"date": "2024-11-21T05:39:41.370000",
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google brotli Library Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-910"
}
],
"trust": 0.6
}
}
CERTFR-2021-AVI-791
Vulnerability from certfr_avis - Published: 2021-10-15 - Updated: 2021-10-15
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP3 | ||
| IBM | N/A | CP4S versions 1.7.0 à 1.7.2 antérieures à 1.8.0.0 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4S versions 1.7.0 \u00e0 1.7.2 ant\u00e9rieures \u00e0 1.8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2020-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8315"
},
{
"name": "CVE-2021-25215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
},
{
"name": "CVE-2020-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
},
{
"name": "CVE-2020-13543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13543"
},
{
"name": "CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2017-12620",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12620"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2020-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
},
{
"name": "CVE-2020-29362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29362"
},
{
"name": "CVE-2020-9983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9983"
},
{
"name": "CVE-2021-1820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
},
{
"name": "CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2020-9951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9951"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2021-20305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2021-20578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20578"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2019-13012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13012"
},
{
"name": "CVE-2021-29679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29679"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2020-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8624"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2020-14362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14362"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2019-3842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-1826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2017-14502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14502"
},
{
"name": "CVE-2020-29361",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29361"
},
{
"name": "CVE-2021-1817",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2020-14347",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14347"
},
{
"name": "CVE-2020-14360",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14360"
},
{
"name": "CVE-2021-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2020-14346",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14346"
},
{
"name": "CVE-2020-14361",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14361"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2021-30661",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2020-29363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29363"
},
{
"name": "CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-13584",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13584"
},
{
"name": "CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-4951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4951"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2016-10228",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2020-13933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13933"
},
{
"name": "CVE-2020-14344",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14344"
},
{
"name": "CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2020-24332",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24332"
},
{
"name": "CVE-2020-25712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25712"
},
{
"name": "CVE-2021-29745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29745"
},
{
"name": "CVE-2020-24330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24330"
},
{
"name": "CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"name": "CVE-2021-29894",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29894"
},
{
"name": "CVE-2020-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9948"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-23362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2020-24331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24331"
},
{
"name": "CVE-2020-14345",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14345"
},
{
"name": "CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"name": "CVE-2020-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
}
],
"initial_release_date": "2021-10-15T00:00:00",
"last_revision_date": "2021-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6491661 du 14 octobre 2021",
"url": "https://www.ibm.com/support/pages/node/6491661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6493729 du 14 octobre 2021",
"url": "https://www.ibm.com/support/pages/node/6493729"
}
]
}
CERTFR-2022-AVI-227
Vulnerability from certfr_avis - Published: 2022-03-09 - Updated: 2022-03-09
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, un déni de service, une usurpation d'identité, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Skype Extension pour Chrome | ||
| Microsoft | Azure | Azure Site Recovery VMWare to Azure | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | HEIF Image Extension | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 21 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | HEVC Video Extensions | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | VP9 Video Extensions | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 10 | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Android | ||
| Microsoft | N/A | HEVC Video Extension | ||
| Microsoft | N/A | Intune Company Portal pour iOS | ||
| Microsoft | N/A | Paint 3D | ||
| Microsoft | N/A | Microsoft Defender pour IoT | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Linux | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Mac | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype Extension pour Chrome",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Site Recovery VMWare to Azure",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEIF Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "VP9 Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Intune Company Portal pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Paint 3D",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24515"
},
{
"name": "CVE-2022-24526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24526"
},
{
"name": "CVE-2022-24520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24520"
},
{
"name": "CVE-2022-24469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24469"
},
{
"name": "CVE-2022-23266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23266"
},
{
"name": "CVE-2022-24509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24509"
},
{
"name": "CVE-2022-24519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24519"
},
{
"name": "CVE-2022-24456",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24456"
},
{
"name": "CVE-2022-24452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24452"
},
{
"name": "CVE-2022-24453",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24453"
},
{
"name": "CVE-2022-24470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24470"
},
{
"name": "CVE-2022-24462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24462"
},
{
"name": "CVE-2022-24501",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24501"
},
{
"name": "CVE-2022-23277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23277"
},
{
"name": "CVE-2022-24468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24468"
},
{
"name": "CVE-2022-23282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23282"
},
{
"name": "CVE-2022-24471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24471"
},
{
"name": "CVE-2022-23300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23300"
},
{
"name": "CVE-2022-23278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23278"
},
{
"name": "CVE-2022-23265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23265"
},
{
"name": "CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"name": "CVE-2022-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22007"
},
{
"name": "CVE-2022-24517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24517"
},
{
"name": "CVE-2022-24510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24510"
},
{
"name": "CVE-2022-23295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23295"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2022-24451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24451"
},
{
"name": "CVE-2022-24461",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24461"
},
{
"name": "CVE-2022-24506",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24506"
},
{
"name": "CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"name": "CVE-2022-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24511"
},
{
"name": "CVE-2022-24518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24518"
},
{
"name": "CVE-2022-24457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24457"
},
{
"name": "CVE-2022-24522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24522"
},
{
"name": "CVE-2022-23301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23301"
},
{
"name": "CVE-2022-24463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24463"
},
{
"name": "CVE-2022-22006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22006"
},
{
"name": "CVE-2022-24465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24465"
},
{
"name": "CVE-2022-24467",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24467"
}
],
"initial_release_date": "2022-03-09T00:00:00",
"last_revision_date": "2022-03-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24509 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24509"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24471 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24471"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24518 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24518"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23282 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23282"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-22006 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24467 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24467"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24453 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24453"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23301 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23301"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8927 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24515 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24515"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24462 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24462"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24469 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24469"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24520 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24520"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24456 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24456"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23277 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24468 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24468"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24512 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24526 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24526"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24470 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24470"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24517 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24517"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24501 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23295 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23295"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-22007 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22007"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24461 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24461"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24465 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24465"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24522 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24522"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24519 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24519"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24463 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23278 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23265 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24457 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24457"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23266 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23266"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24511 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24511"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24452 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24452"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23300 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24451 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24451"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24506 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24506"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24510 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24510"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24464 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"reference": "CERTFR-2022-AVI-227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de\nservice, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-226
Vulnerability from certfr_avis - Published: 2022-03-09 - Updated: 2022-03-09
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
}
],
"initial_release_date": "2022-03-09T00:00:00",
"last_revision_date": "2022-03-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8927 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24512 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24464 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"reference": "CERTFR-2022-AVI-226",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
GSD-2020-8927
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8927",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"id": "GSD-2020-8927",
"references": [
"https://www.suse.com/security/cve/CVE-2020-8927.html",
"https://www.debian.org/security/2020/dsa-4801",
"https://access.redhat.com/errata/RHSA-2021:1702",
"https://access.redhat.com/errata/RHSA-2022:0830",
"https://access.redhat.com/errata/RHSA-2022:0829",
"https://access.redhat.com/errata/RHSA-2022:0828",
"https://access.redhat.com/errata/RHSA-2022:0827",
"https://ubuntu.com/security/CVE-2020-8927",
"https://advisories.mageia.org/CVE-2020-8927.html",
"https://security.archlinux.org/CVE-2020-8927",
"https://linux.oracle.com/cve/CVE-2020-8927.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8927"
],
"details": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"id": "GSD-2020-8927",
"modified": "2023-12-13T01:21:53.897551Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8927",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Brotli library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brotli",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "stable",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jay Lv \u003cnengzhi.pnz@antgroup.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.8",
"affected_versions": "All versions before 1.0.8",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2020-12-02",
"description": "A buffer overflow exists in the Brotli library where an attacker controlling the input length of a one-shot decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.",
"fixed_versions": [
"1.0.9"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"CVE-2020-8927"
],
"not_impacted": "All versions starting from 1.0.8",
"package_slug": "conan/brotli",
"pubdate": "2020-09-15",
"solution": "Upgrade to version 1.0.9 or above.",
"title": "Buffer Overflow",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
],
"uuid": "8c793170-8c8b-4a88-8601-436bc0a7606b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "3cfb6c8e-6090-4583-a537-f53ec6c594ee"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d8d88d84-c627-450b-8727-29249183d1fa"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "13e11d03-ba1e-4493-a826-ed4af68d544d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "dc858289-2f7c-42a6-b31d-d41b61edc6ea"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "71184543-cf24-47b4-a51d-020b8547bc5e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9f7e1da4-45e4-4e60-bb5d-53a0e848aa8b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e72c8899-418b-4bdd-8b7d-3dafa9b30e71"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9812fad4-d2b2-422d-8c0d-73c108ad289b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2348d3e2-a6a2-4c63-8f13-aba0fb20934f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "039452b6-76c8-4380-bff7-5979278093d6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4fd27d65-d6f2-41fe-bd12-0ef8410137f1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9bd1b961-827b-40ce-b789-33f25e888831"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4aa5c258-b2ee-4002-bd89-7351fbed847f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4d3a7dee-3874-46e8-9a88-b99d02a2aa48"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8b19515e-c193-424e-a0b5-1e4de73ce258"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "af13c1e6-2230-4b4e-993c-64622a64b944"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "7b0ee75a-e60e-4213-a4e3-0f094e95e119"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "072eb70e-0224-443f-aa65-bd1fd1373d79"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e489fc5b-c4c6-4d4d-8d42-a6b7e9969334"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "27fc7862-1335-401e-ae86-b9fd7a163136"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "50477955-21c0-4aa0-b5b9-c9906d286184"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "b9b524ce-65bf-4dc9-8fb0-1c947be3eb40"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "429436d7-2afe-49b2-9fd7-254d05972059"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "020d3783-4649-400f-8396-abe017cc4572"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "cbe75b41-b671-440b-9a0a-eccecd08b731"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4e240a0c-b414-4ae3-9f86-a14c038785dd"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d84d4273-730e-40ad-99ea-1ebcf4a0c6e7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ed023747-4f59-40ba-bc9e-2a3256009f9c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c4d54248-7a02-4dd4-91f0-64bf7e003a2f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "7aa8f100-5fc7-446f-bd92-e6e0cbb5c0c5"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "5a60d28d-21ef-4923-9d5c-b3e70a9fc49e"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "42ccc8ec-dbe6-4b94-9e45-6da3d730b403"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c97454f2-c986-4390-ad5e-6029dd059c98"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "30b0035e-7c8e-4bd2-b5fb-73ccc9f4dea3"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8e7fdff4-e7ff-41bb-a05c-d2961ed7d5d8"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "4808adf8-f4ac-4e3a-a66e-29efaa869a79"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2a890f83-3100-4055-a2d0-23670565ec47"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c775a827-b0bf-46fb-aac9-c82e496a4ccd"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ebf9cf13-c5fe-43d5-aa61-06796b541a4c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "5518f59a-8800-47dc-be56-19c78eff5316"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "817d3f8b-a6e6-4a3f-8a13-e9d3682f0a77"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f5f2c952-72e6-4c6e-93ac-6d0929227344"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "bb1dfd69-ddd3-4148-85f7-6be477b470d8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2bcebc38-b2ca-45c6-9a75-a59228e774f6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "93a1d6aa-4b01-4e34-98fd-66f56484c506"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "98b93b6b-09cd-43a1-b3fc-64627ee46862"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6353f8ad-f637-4a8b-b197-82c3bf53f1d7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "73fc4515-8c17-4454-84c1-dadac784702e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d53413bc-716d-4b9d-b8c5-a350486e6ac8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a64cc3e0-5904-46cc-952e-0970da3e7f85"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "81e46feb-52ee-4eb0-8bc4-6bd2f69942d1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "dc95542c-9b27-476b-a66c-6f2482966218"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "efa3028f-58b3-4fe5-9f65-c143c67e8ff2"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "bf0d54a6-c1ad-4043-a3e3-b90439ac5825"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "78c8e261-cb62-4819-b319-6b23337bb98a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "9ccb2a7f-d38f-4fb6-b8ce-fbc41a14da87"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a75f46b5-f4bd-4ca9-8c27-91c1b8bd35b9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "65ab7edc-b0d9-4c0d-b4dc-4135d6b26e3e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "0bc5feb7-054b-43ac-822d-683976d74510"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "2d190e54-75a8-4751-9dfd-dc42d01b332c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "b333fbe5-1ed4-40f8-94e1-13245ceb7e5b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "28664e0b-059e-4045-8588-f50407514dd3"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f312ee83-3c67-4ee3-b23a-3393757c15b0"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1d51c6d6-1f1f-4652-ac98-772f5cd16a69"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "b4434ef7-5b38-4a80-bc1e-64cbff62e10b"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "dc81a0f1-a3a9-4f42-8f2f-10275a34ee40"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ccbebba2-82ea-49ff-809f-1c67d89bedc5"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1827f9ae-fd8f-4a60-b2dd-41a13e633536"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "87e01711-60fb-4271-ba3f-8c852fb94bbe"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "758e8466-a0b0-4fff-b9ba-122fbb0e4dde"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a406594c-31ba-40aa-9a89-50b5e5712d3a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f7d82f95-66fb-4a7a-9ae4-4dccced13a1a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "02b4a8d2-37d3-40fc-9942-56c1d684f553"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "fbb4d9d4-52a0-4849-92da-9da54f45e3b9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "3841ba2d-df7f-473b-b398-522d989c5b90"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6352df0c-eb73-4b50-89e8-814572da64b3"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "0e15ab07-5668-4e36-aef1-4e980a9daafc"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d7fb0dc2-dcf4-44c2-895e-7b42adc1782d"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d21deab9-3190-4fc3-b445-e797d65e261c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1c91c6e8-2d40-41b8-96b1-17065c9eb62a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "a36c0b54-32cc-4fd0-955c-a4f8bfd46490"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e60ba79f-642b-4da6-8a32-888b260046a2"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8c32544d-f2c5-4c80-ad05-a0aac7cd02f8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f12b47aa-691e-489b-892b-9c5c2011ae34"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d28e1481-2d01-4b85-a95f-5f6ba9a651fe"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e27d4461-1fc7-4475-9d38-0d1204130d65"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6271e5b4-96e2-44b5-96f4-0aaa2dd89bca"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "033efd0f-5fcb-41eb-a19d-eda548ef5d32"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "467552f1-a189-4573-bd42-9c5e8ba989b6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "fafc6c39-0e05-4d07-93d1-a824b2519889"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "18fb1691-0571-4cdb-823a-0e4d9e20eaeb"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "29cc6f42-908a-4240-a149-9399b4bab215"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "05d55ba3-7d1d-4661-811b-0d1fc48a63e9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e46d6528-75c6-45da-ba4a-3ad52fa68cb6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6f9a3c82-99c7-41d0-b382-605d11c06001"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e236c808-d817-4af5-a94d-210b466bab74"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e47c739c-5e40-4564-af79-f638f75c68c9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d1bb85fe-a13f-45bc-9f73-3bb526560fea"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "f96f2f17-9dc6-4e33-ad9d-6ace97b7ee2e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "55919a40-c2d3-45fe-ac8d-57d0796ca7a7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "49bc6a25-8f66-45a3-aa21-c9dad0db2355"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8256f040-bf1a-405f-a9f2-e7938c318be1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "c0792999-3c30-43a7-b1c0-40d0eb017944"
},
{
"affected_range": "[5.0.0,5.0.15)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.browser-wasm",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 5.0.15 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "625246b9-c53f-4aae-a849-8f0b3ea47337"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "512d072d-f164-45c6-88e1-1a0caa3dd99c"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "1a087926-ffe8-450a-9410-b3964fa3d109"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "ab1111f6-5ba4-463e-b475-fbc723c0d6d7"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "65832883-f345-4cff-9beb-dd5023718717"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "e4c54761-10c7-41e6-9c7f-542975e9b393"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "68df4c81-ebe3-4558-a182-6f6cf108b304"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "6ac76c67-6bbc-4d10-91ca-a222085b79df"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "0c600e02-0809-485c-a853-4e1905ab3eac"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "805fec2b-bf1e-454f-9b07-ae9b81dc4fdd"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8c1c0453-90ee-4b79-96b2-5a0ec97f709b"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x64",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "d101aa73-1a4d-4b19-85dc-3be3d02bafec"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-120",
"CWE-937"
],
"date": "2022-10-31",
"description": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2020-8927",
"identifiers": [
"GHSA-5v8v-66v8-mwm7",
"CVE-2020-8927"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x86",
"pubdate": "2022-05-24",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"https://github.com/google/brotli/releases/tag/v1.0.9",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://usn.ubuntu.com/4568-1/",
"https://www.debian.org/security/2020/dsa-4801",
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
"https://github.com/bitemyapp/brotli2-rs/issues/45",
"https://rustsec.org/advisories/RUSTSEC-2021-0131.html",
"https://rustsec.org/advisories/RUSTSEC-2021-0132.html",
"https://github.com/github/advisory-database/issues/785",
"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"
],
"uuid": "8fa5d563-01c8-4eaa-8aa8-30c0d22855b9"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.22",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1.6",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.11",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8927"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2022-04-22T18:53Z",
"publishedDate": "2020-09-15T10:15Z"
}
}
}
RHSA-2022:0830
Vulnerability from csaf_redhat - Published: 2022-03-10 16:05 - Updated: 2025-11-21 18:29Summary
Red Hat Security Advisory: .NET 5.0 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0830",
"url": "https://access.redhat.com/errata/RHSA-2022:0830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0830.json"
}
],
"title": "Red Hat Security Advisory: .NET 5.0 security and bugfix update",
"tracking": {
"current_release_date": "2025-11-21T18:29:11+00:00",
"generator": {
"date": "2025-11-21T18:29:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:0830",
"initial_release_date": "2022-03-10T16:05:56+00:00",
"revision_history": [
{
"date": "2022-03-10T16:05:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-10T16:05:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:29:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"product_id": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product_id": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"product": {
"name": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"product_id": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.212-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"product": {
"name": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"product_id": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-5.0@5.0.212-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"product": {
"name": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"product_id": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.212-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product": {
"name": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product_id": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"product": {
"name": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"product_id": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"product": {
"name": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"product_id": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"product": {
"name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"product_id": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el8_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet5.0-0:5.0.212-1.el8_5.src",
"product": {
"name": "dotnet5.0-0:5.0.212-1.el8_5.src",
"product_id": "dotnet5.0-0:5.0.212-1.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet5.0@5.0.212-1.el8_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src"
},
"product_reference": "dotnet5.0-0:5.0.212-1.el8_5.src",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64"
},
"product_reference": "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src"
},
"product_reference": "dotnet5.0-0:5.0.212-1.el8_5.src",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
},
"product_reference": "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879225"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brotli: buffer overflow when input chunk is larger than 2GiB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "RHBZ#1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:05:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0830"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "brotli: buffer overflow when input chunk is larger than 2GiB"
},
{
"cve": "CVE-2022-24464",
"cwe": {
"id": "CWE-1173",
"name": "Improper Use of Validation Framework"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: ASP.NET Denial of Service via FormPipeReader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24464"
},
{
"category": "external",
"summary": "RHBZ#2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:05:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0830"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: ASP.NET Denial of Service via FormPipeReader"
},
{
"cve": "CVE-2022-24512",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: double parser stack buffer overrun",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24512"
},
{
"category": "external",
"summary": "RHBZ#2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:05:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0830"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: double parser stack buffer overrun"
}
]
}
RHSA-2022:0828
Vulnerability from csaf_redhat - Published: 2022-03-10 16:12 - Updated: 2025-11-21 18:29Summary
Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0828",
"url": "https://access.redhat.com/errata/RHSA-2022:0828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0828.json"
}
],
"title": "Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update",
"tracking": {
"current_release_date": "2025-11-21T18:29:10+00:00",
"generator": {
"date": "2025-11-21T18:29:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:0828",
"initial_release_date": "2022-03-10T16:12:40+00:00",
"revision_history": [
{
"date": "2022-03-10T16:12:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-10T16:12:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:29:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.212-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.212-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"product_id": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.212-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"product_id": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.212-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"product": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"product_id": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src"
},
"product_reference": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src"
},
"product_reference": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src"
},
"product_reference": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879225"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brotli: buffer overflow when input chunk is larger than 2GiB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "RHBZ#1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:12:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0828"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.",
"product_ids": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "brotli: buffer overflow when input chunk is larger than 2GiB"
},
{
"cve": "CVE-2022-24464",
"cwe": {
"id": "CWE-1173",
"name": "Improper Use of Validation Framework"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: ASP.NET Denial of Service via FormPipeReader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24464"
},
{
"category": "external",
"summary": "RHBZ#2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:12:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0828"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: ASP.NET Denial of Service via FormPipeReader"
},
{
"cve": "CVE-2022-24512",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: double parser stack buffer overrun",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24512"
},
{
"category": "external",
"summary": "RHBZ#2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:12:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0828"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64",
"7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: double parser stack buffer overrun"
}
]
}
RHSA-2022:0827
Vulnerability from csaf_redhat - Published: 2022-03-10 16:06 - Updated: 2025-11-21 18:29Summary
Red Hat Security Advisory: .NET Core 3.1 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0827",
"url": "https://access.redhat.com/errata/RHSA-2022:0827"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0827.json"
}
],
"title": "Red Hat Security Advisory: .NET Core 3.1 security and bugfix update",
"tracking": {
"current_release_date": "2025-11-21T18:29:10+00:00",
"generator": {
"date": "2025-11-21T18:29:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:0827",
"initial_release_date": "2022-03-10T16:06:18+00:00",
"revision_history": [
{
"date": "2022-03-10T16:06:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-10T16:06:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:29:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"product_id": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product_id": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"product": {
"name": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"product_id": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.417-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"product": {
"name": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"product_id": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.417-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"product": {
"name": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"product_id": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.417-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"product": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"product": {
"name": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"product_id": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"product": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"product_id": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el8_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet3.1-0:3.1.417-1.el8_5.src",
"product": {
"name": "dotnet3.1-0:3.1.417-1.el8_5.src",
"product_id": "dotnet3.1-0:3.1.417-1.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet3.1@3.1.417-1.el8_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src"
},
"product_reference": "dotnet3.1-0:3.1.417-1.el8_5.src",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64"
},
"product_reference": "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src"
},
"product_reference": "dotnet3.1-0:3.1.417-1.el8_5.src",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
},
"product_reference": "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"relates_to_product_reference": "CRB-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879225"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brotli: buffer overflow when input chunk is larger than 2GiB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "RHBZ#1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:06:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0827"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "brotli: buffer overflow when input chunk is larger than 2GiB"
},
{
"cve": "CVE-2022-24464",
"cwe": {
"id": "CWE-1173",
"name": "Improper Use of Validation Framework"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: ASP.NET Denial of Service via FormPipeReader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24464"
},
{
"category": "external",
"summary": "RHBZ#2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:06:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0827"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: ASP.NET Denial of Service via FormPipeReader"
},
{
"cve": "CVE-2022-24512",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: double parser stack buffer overrun",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24512"
},
{
"category": "external",
"summary": "RHBZ#2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:06:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0827"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64",
"CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: double parser stack buffer overrun"
}
]
}
RHSA-2021:1702
Vulnerability from csaf_redhat - Published: 2021-05-18 13:42 - Updated: 2025-11-21 18:22Summary
Red Hat Security Advisory: brotli security update
Notes
Topic
An update for brotli is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.
Security Fix(es):
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for brotli is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. \n\nSecurity Fix(es):\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:1702",
"url": "https://access.redhat.com/errata/RHSA-2021:1702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"category": "external",
"summary": "1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1702.json"
}
],
"title": "Red Hat Security Advisory: brotli security update",
"tracking": {
"current_release_date": "2025-11-21T18:22:10+00:00",
"generator": {
"date": "2025-11-21T18:22:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:1702",
"initial_release_date": "2021-05-18T13:42:13+00:00",
"revision_history": [
{
"date": "2021-05-18T13:42:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T13:42:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:22:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-devel-0:1.0.6-3.el8.aarch64",
"product": {
"name": "brotli-devel-0:1.0.6-3.el8.aarch64",
"product_id": "brotli-devel-0:1.0.6-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-0:1.0.6-3.el8.aarch64",
"product": {
"name": "python3-brotli-0:1.0.6-3.el8.aarch64",
"product_id": "python3-brotli-0:1.0.6-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "brotli-debugsource-0:1.0.6-3.el8.aarch64",
"product": {
"name": "brotli-debugsource-0:1.0.6-3.el8.aarch64",
"product_id": "brotli-debugsource-0:1.0.6-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"product": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"product_id": "brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"product": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"product_id": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "brotli-0:1.0.6-3.el8.aarch64",
"product": {
"name": "brotli-0:1.0.6-3.el8.aarch64",
"product_id": "brotli-0:1.0.6-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-devel-0:1.0.6-3.el8.ppc64le",
"product": {
"name": "brotli-devel-0:1.0.6-3.el8.ppc64le",
"product_id": "brotli-devel-0:1.0.6-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-0:1.0.6-3.el8.ppc64le",
"product": {
"name": "python3-brotli-0:1.0.6-3.el8.ppc64le",
"product_id": "python3-brotli-0:1.0.6-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"product": {
"name": "brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"product_id": "brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"product": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"product_id": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"product": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"product_id": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "brotli-0:1.0.6-3.el8.ppc64le",
"product": {
"name": "brotli-0:1.0.6-3.el8.ppc64le",
"product_id": "brotli-0:1.0.6-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-devel-0:1.0.6-3.el8.i686",
"product": {
"name": "brotli-devel-0:1.0.6-3.el8.i686",
"product_id": "brotli-devel-0:1.0.6-3.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "brotli-debugsource-0:1.0.6-3.el8.i686",
"product": {
"name": "brotli-debugsource-0:1.0.6-3.el8.i686",
"product_id": "brotli-debugsource-0:1.0.6-3.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "brotli-debuginfo-0:1.0.6-3.el8.i686",
"product": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.i686",
"product_id": "brotli-debuginfo-0:1.0.6-3.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"product": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"product_id": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "brotli-0:1.0.6-3.el8.i686",
"product": {
"name": "brotli-0:1.0.6-3.el8.i686",
"product_id": "brotli-0:1.0.6-3.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-devel-0:1.0.6-3.el8.x86_64",
"product": {
"name": "brotli-devel-0:1.0.6-3.el8.x86_64",
"product_id": "brotli-devel-0:1.0.6-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-0:1.0.6-3.el8.x86_64",
"product": {
"name": "python3-brotli-0:1.0.6-3.el8.x86_64",
"product_id": "python3-brotli-0:1.0.6-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "brotli-debugsource-0:1.0.6-3.el8.x86_64",
"product": {
"name": "brotli-debugsource-0:1.0.6-3.el8.x86_64",
"product_id": "brotli-debugsource-0:1.0.6-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"product": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"product_id": "brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"product": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"product_id": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "brotli-0:1.0.6-3.el8.x86_64",
"product": {
"name": "brotli-0:1.0.6-3.el8.x86_64",
"product_id": "brotli-0:1.0.6-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-devel-0:1.0.6-3.el8.s390x",
"product": {
"name": "brotli-devel-0:1.0.6-3.el8.s390x",
"product_id": "brotli-devel-0:1.0.6-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-0:1.0.6-3.el8.s390x",
"product": {
"name": "python3-brotli-0:1.0.6-3.el8.s390x",
"product_id": "python3-brotli-0:1.0.6-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "brotli-debugsource-0:1.0.6-3.el8.s390x",
"product": {
"name": "brotli-debugsource-0:1.0.6-3.el8.s390x",
"product_id": "brotli-debugsource-0:1.0.6-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "brotli-debuginfo-0:1.0.6-3.el8.s390x",
"product": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.s390x",
"product_id": "brotli-debuginfo-0:1.0.6-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"product": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"product_id": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "brotli-0:1.0.6-3.el8.s390x",
"product": {
"name": "brotli-0:1.0.6-3.el8.s390x",
"product_id": "brotli-0:1.0.6-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "brotli-0:1.0.6-3.el8.src",
"product": {
"name": "brotli-0:1.0.6-3.el8.src",
"product_id": "brotli-0:1.0.6-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src"
},
"product_reference": "brotli-0:1.0.6-3.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src"
},
"product_reference": "brotli-0:1.0.6-3.el8.src",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-debugsource-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64"
},
"product_reference": "brotli-devel-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64"
},
"product_reference": "python3-brotli-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64"
},
"product_reference": "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879225"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brotli: buffer overflow when input chunk is larger than 2GiB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "RHBZ#1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T13:42:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1702"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.",
"product_ids": [
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src",
"BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x",
"BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brotli: buffer overflow when input chunk is larger than 2GiB"
}
]
}
RHSA-2022:0829
Vulnerability from csaf_redhat - Published: 2022-03-10 16:12 - Updated: 2025-11-21 18:29Summary
Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0829",
"url": "https://access.redhat.com/errata/RHSA-2022:0829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0829.json"
}
],
"title": "Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update",
"tracking": {
"current_release_date": "2025-11-21T18:29:11+00:00",
"generator": {
"date": "2025-11-21T18:29:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:0829",
"initial_release_date": "2022-03-10T16:12:05+00:00",
"revision_history": [
{
"date": "2022-03-10T16:12:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-10T16:12:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:29:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.417-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.417-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.417-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"product": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.417-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"product": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"product_id": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
},
"product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879225"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brotli: buffer overflow when input chunk is larger than 2GiB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8927"
},
{
"category": "external",
"summary": "RHBZ#1879225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:12:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0829"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "brotli: buffer overflow when input chunk is larger than 2GiB"
},
{
"cve": "CVE-2022-24464",
"cwe": {
"id": "CWE-1173",
"name": "Improper Use of Validation Framework"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: ASP.NET Denial of Service via FormPipeReader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24464"
},
{
"category": "external",
"summary": "RHBZ#2061847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:12:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0829"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: ASP.NET Denial of Service via FormPipeReader"
},
{
"cve": "CVE-2022-24512",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: double parser stack buffer overrun",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24512"
},
{
"category": "external",
"summary": "RHBZ#2061854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512"
}
],
"release_date": "2022-03-08T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:12:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0829"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64",
"7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: double parser stack buffer overrun"
}
]
}
FKIE_CVE-2020-8927
Vulnerability from fkie_nvd - Published: 2020-09-15 10:15 - Updated: 2024-11-21 05:39
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
References
| URL | Tags | ||
|---|---|---|---|
| cve-coordination@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html | Mailing List, Third Party Advisory | |
| cve-coordination@google.com | https://github.com/google/brotli/releases/tag/v1.0.9 | Release Notes, Third Party Advisory | |
| cve-coordination@google.com | https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html | Mailing List, Third Party Advisory | |
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/ | ||
| cve-coordination@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/ | ||
| cve-coordination@google.com | https://usn.ubuntu.com/4568-1/ | Third Party Advisory | |
| cve-coordination@google.com | https://www.debian.org/security/2020/dsa-4801 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/brotli/releases/tag/v1.0.9 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4568-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4801 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| brotli | * | ||
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.2 | |
| microsoft | .net | * | |
| microsoft | .net_core | * | |
| microsoft | powershell | * | |
| microsoft | powershell | * | |
| microsoft | powershell | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | 17.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0C4F94-96AA-45AE-A3A6-55DE4FD744E3",
"versionEndExcluding": "1.0.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D986C83E-F055-4861-B3FC-D1AE2662A826",
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB57B616-F5BD-47B7-BBD0-AF58976CEE10",
"versionEndIncluding": "3.1.22",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77F72A4A-239D-4362-B42C-2B125FD977AB",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C644EF-33B6-440F-8051-6A0D3C096F67",
"versionEndExcluding": "7.1.6",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9984FFB-8AFA-438F-B762-B98649B64B23",
"versionEndIncluding": "16.11",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "962BF425-75A7-4743-A3EA-275F8D66A00B",
"versionEndIncluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "950638D8-6997-4058-8A9E-6153A7FC3B32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
},
{
"lang": "es",
"value": "Se presenta un desbordamiento del b\u00fafer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petici\u00f3n de descompresi\u00f3n \"one-shot\" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de m\u00e1s de 2 GiB .\u0026#xa0;Se recomienda actualizar su biblioteca de Brotli a la versi\u00f3n 1.0.8 o posterior.\u0026#xa0;Si no se puede actualizar, recomendamos usar la API \"streaming\" en lugar de la API \"one-shot\" e imponer l\u00edmites de tama\u00f1o de fragmentos"
}
],
"id": "CVE-2020-8927",
"lastModified": "2024-11-21T05:39:41.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve-coordination@google.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-15T10:15:12.887",
"references": [
{
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"source": "cve-coordination@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
}
],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-130"
}
],
"source": "cve-coordination@google.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
WID-SEC-W-2025-0227
Vulnerability from csaf_certbund - Published: 2021-11-30 23:00 - Updated: 2025-01-30 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0227 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2025-0227.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0227 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0227"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520488 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520488"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520484 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520484"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520490 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520490"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520476 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520476"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520492 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520492"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520478 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520478"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520486 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520486"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520474 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520472 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520472"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520482 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520482"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520480 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520480"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7182001 vom 2025-01-30",
"url": "https://www.ibm.com/support/pages/node/7182001"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-30T23:00:00.000+00:00",
"generator": {
"date": "2025-01-31T09:11:30.679+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2025-0227",
"initial_release_date": "2021-11-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-11-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM QRadar SIEM 7.3",
"product_id": "T014687",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.3"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "IBM QRadar SIEM 7.4",
"product_id": "T016287",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4"
}
}
},
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T023574",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10228",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2016-10228"
},
{
"cve": "CVE-2017-14502",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2017-14502"
},
{
"cve": "CVE-2017-15713",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2017-15713"
},
{
"cve": "CVE-2018-1000858",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-1000858"
},
{
"cve": "CVE-2018-11768",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-11768"
},
{
"cve": "CVE-2018-18751",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-18751"
},
{
"cve": "CVE-2018-20843",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-20843"
},
{
"cve": "CVE-2018-8029",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-8029"
},
{
"cve": "CVE-2019-13012",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-13012"
},
{
"cve": "CVE-2019-13050",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-13050"
},
{
"cve": "CVE-2019-13627",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-13627"
},
{
"cve": "CVE-2019-14866",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-14866"
},
{
"cve": "CVE-2019-14889",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-14889"
},
{
"cve": "CVE-2019-15903",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16935",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-16935"
},
{
"cve": "CVE-2019-18276",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-18276"
},
{
"cve": "CVE-2019-19221",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-19221"
},
{
"cve": "CVE-2019-19906",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2019-19956",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-19956"
},
{
"cve": "CVE-2019-20387",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20387"
},
{
"cve": "CVE-2019-20388",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20388"
},
{
"cve": "CVE-2019-20454",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20454"
},
{
"cve": "CVE-2019-20907",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-20916",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20916"
},
{
"cve": "CVE-2019-25013",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-25013"
},
{
"cve": "CVE-2019-2708",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-2708"
},
{
"cve": "CVE-2019-3842",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-3842"
},
{
"cve": "CVE-2019-9169",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-9169"
},
{
"cve": "CVE-2019-9924",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-9924"
},
{
"cve": "CVE-2020-11080",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-11080"
},
{
"cve": "CVE-2020-12362",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-12362"
},
{
"cve": "CVE-2020-12363",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-12363"
},
{
"cve": "CVE-2020-12364",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-12364"
},
{
"cve": "CVE-2020-13434",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-13543",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13543"
},
{
"cve": "CVE-2020-13584",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13584"
},
{
"cve": "CVE-2020-13776",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13776"
},
{
"cve": "CVE-2020-13777",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13777"
},
{
"cve": "CVE-2020-13954",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13954"
},
{
"cve": "CVE-2020-14352",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-14352"
},
{
"cve": "CVE-2020-14422",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-14422"
},
{
"cve": "CVE-2020-15358",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-1730",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-1730"
},
{
"cve": "CVE-2020-24489",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24513"
},
{
"cve": "CVE-2020-24659",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24659"
},
{
"cve": "CVE-2020-24977",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24977"
},
{
"cve": "CVE-2020-26116",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-26116"
},
{
"cve": "CVE-2020-27170",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27170"
},
{
"cve": "CVE-2020-27618",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27618"
},
{
"cve": "CVE-2020-27619",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27619"
},
{
"cve": "CVE-2020-27777",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-28196",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-28196"
},
{
"cve": "CVE-2020-29361",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-29361"
},
{
"cve": "CVE-2020-29362",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-29362"
},
{
"cve": "CVE-2020-29363",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-29363"
},
{
"cve": "CVE-2020-7226",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-7226"
},
{
"cve": "CVE-2020-7595",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-7595"
},
{
"cve": "CVE-2020-8177",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8492",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2020-8648",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8648"
},
{
"cve": "CVE-2020-8927",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8927"
},
{
"cve": "CVE-2020-9492",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9492"
},
{
"cve": "CVE-2020-9948",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9948"
},
{
"cve": "CVE-2020-9951",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9951"
},
{
"cve": "CVE-2020-9983",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9983"
},
{
"cve": "CVE-2021-20271",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-20271"
},
{
"cve": "CVE-2021-20305",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-20305"
},
{
"cve": "CVE-2021-2161",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-2161"
},
{
"cve": "CVE-2021-22555",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-22555"
},
{
"cve": "CVE-2021-22696",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-22696"
},
{
"cve": "CVE-2021-23239",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-23239"
},
{
"cve": "CVE-2021-23240",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-23240"
},
{
"cve": "CVE-2021-23336",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-28163",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-28163"
},
{
"cve": "CVE-2021-28165",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-28165"
},
{
"cve": "CVE-2021-28169",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-28169"
},
{
"cve": "CVE-2021-29154",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29154"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-29650",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29650"
},
{
"cve": "CVE-2021-30468",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-30468"
},
{
"cve": "CVE-2021-31811",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-31811"
},
{
"cve": "CVE-2021-31812",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-31812"
},
{
"cve": "CVE-2021-32027",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-32027"
},
{
"cve": "CVE-2021-32028",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-32028"
},
{
"cve": "CVE-2021-32399",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-32399"
},
{
"cve": "CVE-2021-3326",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3326"
},
{
"cve": "CVE-2021-3347",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3347"
},
{
"cve": "CVE-2021-33503",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-33503"
},
{
"cve": "CVE-2021-3449",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3449"
},
{
"cve": "CVE-2021-3450",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3450"
},
{
"cve": "CVE-2021-3516",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3516"
},
{
"cve": "CVE-2021-3520",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3541",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3541"
},
{
"cve": "CVE-2021-3715",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3715"
},
{
"cve": "CVE-2021-20400",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Schwachstelle. Es werden unsichere Kryptoalgorithmen genutzt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-20400"
},
{
"cve": "CVE-2021-29779",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Schwachstelle. Die Schwachstellen ist auf eine fehlende Authentisierung beim Schl\u00fcsselaustausch zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29779"
},
{
"cve": "CVE-2021-29863",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Schwachstelle. Die Schwachstelle ist auf einen unzureichenden Patch zur\u00fcckzuf\u00fchren und erm\u00f6glicht einen Server-Site-Request-Forgery (SSRF)-Angriff. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29863"
},
{
"cve": "CVE-2021-29849",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29849"
}
]
}
WID-SEC-W-2025-1170
Vulnerability from csaf_certbund - Published: 2021-05-18 22:00 - Updated: 2025-05-29 22:00Summary
Red Hat Enterprise Linux (Brotli): Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente Brotli ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente Brotli ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1170 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2025-1170.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1170 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1170"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:1702 vom 2021-05-18",
"url": "https://access.redhat.com/errata/RHSA-2021:1702"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-054 vom 2021-05-19",
"url": "https://downloads.avaya.com/css/P8/documents/101075818"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2461 vom 2021-06-16",
"url": "https://access.redhat.com/errata/RHSA-2021:2461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2479 vom 2021-06-17",
"url": "https://access.redhat.com/errata/RHSA-2021:2479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2532 vom 2021-06-23",
"url": "https://access.redhat.com/errata/RHSA-2021:2532"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2543 vom 2021-06-24",
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06",
"url": "https://access.redhat.com/errata/RHSA-2021:3016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3119 vom 2021-08-10",
"url": "https://access.redhat.com/errata/RHSA-2021:3119"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3556 vom 2021-09-17",
"url": "https://access.redhat.com/errata/RHSA-2021:3556"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3942-1 vom 2021-12-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009849.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0829 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0829"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0827 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0828 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0828"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01762-1 vom 2025-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020980.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Brotli): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-05-29T22:00:00.000+00:00",
"generator": {
"date": "2025-05-30T10:54:43.583+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1170",
"initial_release_date": "2021-05-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-05-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-05-20T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2021-06-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-06-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-06-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-06-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-05T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-10T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-09-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-12-06T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-03-10T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8927",
"product_status": {
"known_affected": [
"T002207",
"T014111"
]
},
"release_date": "2021-05-18T22:00:00.000+00:00",
"title": "CVE-2020-8927"
}
]
}
GHSA-5V8V-66V8-MWM7
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2024-09-16 13:48
VLAI?
Summary
Integer overflow in the bundled Brotli C library
Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity ?
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "compu-brotli-sys"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "brotli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8927"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-16T23:47:42Z",
"nvd_published_at": "2020-09-15T10:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"id": "GHSA-5v8v-66v8-mwm7",
"modified": "2024-09-16T13:48:46Z",
"published": "2022-05-24T17:28:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927"
},
{
"type": "WEB",
"url": "https://github.com/bitemyapp/brotli2-rs/issues/45"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/issues/785"
},
{
"type": "WEB",
"url": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4568-1"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0132.html"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0131.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml"
},
{
"type": "WEB",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"type": "WEB",
"url": "https://github.com/google/brotli/releases/tag/v1.0.8"
},
{
"type": "PACKAGE",
"url": "https://github.com/bitemyapp/brotli2-rs"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Integer overflow in the bundled Brotli C library"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…