A buffer overflow exists in the Brotli library versions prior to 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying chunks of data larger than 2 GiB.
An updated version of brotli-sys has not been released. If one cannot update the C library, its authors recommend using the "streaming" API rather than the "one-shot" API, and imposing chunk size limits.
In Rust the issue can be mitigated by migrating to the brotli crate, which provides a Rust implementation of Brotli compression and decompression that is not affected by this issue.
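As an added illustration of the recommended mitigation (not code from brotli-sys, the brotli crate or the advisory), a bounded streaming read loop in Rust: output is pulled in fixed-size chunks and refused once a total limit is exceeded, so no single copy depends on a peer-chosen length. The `CHUNK_SIZE` and `MAX_OUTPUT` values are assumptions, and `std::io::repeat(..).take(..)` stands in for a streaming decompressor whose output length the peer controls, in place of the `brotli::Decompressor` reader one would wrap in practice.

```rust
use std::io::{self, Read};

// Assumed limits for this example: per-read chunk size and total output cap.
pub const CHUNK_SIZE: usize = 64 * 1024;
pub const MAX_OUTPUT: usize = 16 * 1024 * 1024;

/// Streaming counterpart to a one-shot call: `src` is drained in chunks of
/// at most `chunk_size` bytes, and the loop stops with an error once
/// `max_output` would be exceeded instead of growing the buffer without bound.
pub fn read_bounded<R: Read>(mut src: R, chunk_size: usize, max_output: usize)
    -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    let mut buf = vec![0u8; chunk_size.max(1)];
    loop {
        let n = src.read(&mut buf)?;
        if n == 0 {
            return Ok(out); // clean end of stream
        }
        if out.len() + n > max_output {
            return Err(io::Error::new(
                io::ErrorKind::InvalidData,
                "decompressed output exceeds configured limit",
            ));
        }
        out.extend_from_slice(&buf[..n]);
    }
}

/// Stand-in for a decompressor stream that yields `len` bytes (constructed input,
/// not real Brotli data).
pub fn fake_stream(len: u64) -> impl Read {
    io::repeat(0x41).take(len)
}

fn main() {
    // In practice `src` would be a streaming decompressor such as
    // `brotli::Decompressor::new(reader, CHUNK_SIZE)` (assumed API); the fake
    // stream shows both the accepted and the rejected path.
    match read_bounded(fake_stream(1_000), CHUNK_SIZE, MAX_OUTPUT) {
        Ok(v) => println!("accepted {} bytes", v.len()),
        Err(e) => println!("rejected: {e}"),
    }
    match read_bounded(fake_stream(MAX_OUTPUT as u64 + 1), CHUNK_SIZE, MAX_OUTPUT) {
        Ok(v) => println!("accepted {} bytes", v.len()),
        Err(e) => println!("rejected: {e}"),
    }
}
```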
brotli-sys 0.3.2
See advisory page for additional details.