{"id":"CVE-2020-8927","details":"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend using the \"streaming\" API as opposed to the \"one-shot\" API, and imposing chunk size limits.","aliases":["BIT-brotli-2020-8927","BIT-dotnet-2020-8927","BIT-dotnet-sdk-2020-8927","BIT-powershell-2020-8927","CVE-2020-36846","GHSA-5v8v-66v8-mwm7","GO-2025-3726","PYSEC-2020-29","RUSTSEC-2021-0131","RUSTSEC-2021-0132"],"modified":"2026-04-10T04:28:33.119817Z","published":"2020-09-15T10:15:12.887Z","related":["ALSA-2021:1702","ALSA-2022:0827","ALSA-2022:0830","CGA-wwxx-79x9-pxv3","MGASA-2020-0385","SUSE-SU-2021:3942-1","SUSE-SU-2023:3669-1","SUSE-SU-2023:3670-1","SUSE-SU-2023:3827-1","SUSE-SU-2024:1968-1","SUSE-SU-2025:01762-1","openSUSE-SU-2020:1578-1","openSUSE-SU-2021:3942-1","openSUSE-SU-2024:11708-1","openSUSE-SU-2024:13224-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%4
0lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4568-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"},{"type":"ADVISORY","url":"https://github.com/google/brotli/releases/tag/v1.0.9"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4801"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotnet/core","events":[{"introduced":"0"},{"last_affected":"e18becd6171b8eb0eb4ec7ea8a0280cacfcee36b"},{"introduced":"0"},{"last_affected":"0e06b3b745aaf3f2f96e5f163773d20f8c7f7f50"},{"introduced":"62bcac3998e1168f4a34b775a06d6451b5ffca7b"},{"last_affected":"c01985a0f4aa6036831dae2088fc33d9297a5f08"},{"introduced":"5c0a0489d157ca82fca6f9b73c682f118e8c4a8a"},{"last_affected":"5ab95474faeba1ca47e19a83c46b73d1a10b7f77"},{"introduced":"63772e2191a750dd3cafa75914cacdb038c7520c"},{"fixed":"7971fb8b132725dfb213f23794998d4d2fa4d7ae"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"5.0"},{"last_affected":"5.0.14"},{"introduced":"3.1"},{"last_affected":"3.1.22"},{"introduced":"7.0"},{"fixed":"7.0.9"}]}},{"type":"GIT","repo":"https://github.com/google/brotli","events":[{"introduced":"0"},{"fixed":"db361a0bb901d6a71c7cbf1370d97b3703482e3b"},{"fixed":"e61745a6b7add50d380cfd7d3883dd6c62fc2c71"}],"database
_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0.8"}]}},{"type":"GIT","repo":"https://github.com/powershell/powershell","events":[{"introduced":"fa01333bfeef5dd7769143e2b4ec7ffdb70c62c8"},{"fixed":"dc703cb4aa619e31f2f48f2b9bf613e9aa6cff76"},{"introduced":"bec5c36d9da67bfcf5b88834f03b326c89f100c5"},{"fixed":"2bbf08166ff49469988420af883407e1dd1ef4ed"}],"database_specific":{"versions":[{"introduced":"7.1"},{"fixed":"7.1.6"},{"introduced":"7.2"},{"fixed":"7.2.2"}]}}],"versions":["v0.1.0","v0.2.0","v0.3.0","v0.4.0","v0.6.0","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v10.0.0","v10.0.0-preview.1","v10.0.0-preview.2","v10.0.0-preview.3","v10.0.0-preview.4","v10.0.0-preview.5","v10.0.0-preview.6","v10.0.0-preview.7","v10.0.0-rc.1","v10.0.0-rc.2","v2.1.24","v2.1.25","v2.1.29","v2.1.30","v3.1.10","v3.1.11","v3.1.12","v3.1.13","v3.1.14","v3.1.15","v3.1.16","v3.1.17","v3.1.18","v3.1.19","v3.1.20","v3.1.21","v3.1.22","v3.1.31","v3.1.32","v5.0.0","v5.0.1","v5.0.10","v5.0.11","v5.0.12","v5.0.13","v5.0.14","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.0.8","v5.0.9","v6.0.0","v6.0.0-preview.1","v6.0.0-preview.2","v6.0.0-preview.3","v6.0.0-preview.4","v6.0.0-preview.5","v6.0.0-preview.6","v6.0.0-preview.7","v6.0.0-rc.1","v6.0.0-rc.2","v6.0.1","v6.0.11","v6.0.12","v6.0.13","v6.0.14","v6.0.15","v6.0.16","v6.0.18","v6.0.19","v6.0.2","v6.0.20","v6.0.21","v6.0.22","v6.0.23","v6.0.24","v6.0.25","v6.0.26","v6.0.27","v6.0.28","v6.0.29","v6.0.30","v6.0.31","v6.0.32","v6.0.33","v6.0.35","v6.0.36","v7.0.0","v7.0.1","v7.0.10","v7.0.11","v7.0.12","v7.0.13","v7.0.14","v7.0.15","v7.0.16","v7.0.17","v7.0.18","v7.0.19","v7.0.2","v7.0.20","v7.0.3","v7.0.4","v7.0.5","v7.0.7","v7.0.8","v7.0.9","v7.1.0","v7.1.1","v7.1.2","v7.1.3","v7.1.4","v7.1.5","v7.2.0","v7.2.1","v8.0.0","v8.0.0-preview.1","v8.0.0-preview.2","v8.0.0-preview.3","v8.0.0-preview.4","v8.0.0-preview.5","v8.0.0-preview.6","v8.0.0-preview.7","v8.0.0-rc.1","v8.0.0-rc.2","v8.0.1","v8.0.
10","v8.0.11","v8.0.12","v8.0.13","v8.0.14","v8.0.15","v8.0.16","v8.0.17","v8.0.18","v8.0.19","v8.0.2","v8.0.20","v8.0.21","v8.0.22","v8.0.3","v8.0.4","v8.0.5","v8.0.6","v8.0.7","v8.0.8","v9.0.0","v9.0.0-preview.1","v9.0.0-preview.2","v9.0.0-preview.3","v9.0.0-preview.4","v9.0.0-preview.5","v9.0.0-preview.6","v9.0.0-preview.7","v9.0.0-rc.1","v9.0.0-rc.2","v9.0.1","v9.0.10","v9.0.11","v9.0.2","v9.0.3","v9.0.4","v9.0.5","v9.0.6","v9.0.7","v9.0.8","v9.0.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]},{"events":[{"introduced":"16.0"},{"last_affected":"16.11"}]},{"events":[{"introduced":"17.0"},{"last_affected":"17.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"17.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8927.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}