Description
A buffer overflow exists in Brotli library versions prior to 1.0.8. An attacker who controls the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If you cannot update, we recommend using the "streaming" API instead of the "one-shot" API and imposing chunk size limits.
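One way to apply the streaming workaround from the description, as an added example rather than SUSE or Brotli project code: a streaming decoder is fed bounded input chunks and the total decoded size is capped. The limit values, the function name and the exception class are assumptions; `brotli.Decompressor` is the streaming class of Google's Python binding.

```python
import io

MAX_IN_CHUNK = 64 * 1024            # assumed per-call input limit
MAX_TOTAL_OUT = 256 * 1024 * 1024   # assumed output ceiling, far below 2 GiB
TWO_GIB = 2**31


class OutputLimitExceeded(ValueError):
    """The decoded data grew past the configured ceiling."""


def decompress_bounded(src, decoder, max_in_chunk=MAX_IN_CHUNK,
                       max_total_out=MAX_TOTAL_OUT):
    """Decode binary stream `src` with a streaming `decoder`.

    `decoder` is any object with process(bytes) -> bytes, which is the
    interface of brotli.Decompressor in Google's Python binding.
    """
    for limit in (max_in_chunk, max_total_out):
        if not 0 < limit < TWO_GIB:
            raise ValueError("limits must be positive and below 2 GiB")
    out = bytearray()
    while True:
        chunk = src.read(max_in_chunk)   # never hand over more than the limit
        if not chunk:
            break
        piece = decoder.process(chunk)
        # The binding sizes `piece` itself, so the ceiling is enforced right
        # after each call, before the data is kept or passed on.
        if len(out) + len(piece) > max_total_out:
            raise OutputLimitExceeded(
                f"decoded size exceeds {max_total_out} bytes")
        out += piece
    # Reject input that ends mid-stream when the decoder can report it.
    finished = getattr(decoder, "is_finished", None)
    if finished is not None and not finished():
        raise ValueError("truncated Brotli stream")
    return bytes(out)


if __name__ == "__main__":
    import brotli  # assumption: Google's "Brotli" package is installed
    # Constructed sample: "hello" stored as one uncompressed meta-block.
    sample = b"\x0b\x02\x80hello\x03"
    print(decompress_bounded(io.BytesIO(sample), brotli.Decompressor(),
                             max_in_chunk=2))
```

Because the Python binding decides how much output each call returns, the ceiling here is checked after the call; callers of the C streaming API can bound each output buffer directly.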
Overall state of this security issue: Pending
This issue is currently rated as having moderate severity.
Status of this issue by product and package
Please note that this evaluation state might be a work in progress, incomplete or outdated. Also, information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.
| Product | Package | State |
|---|---|---|
| SUSE Linux Enterprise High Performance Computing 15 LTSS | brotli | Affected |
| SUSE Linux Enterprise Module for Basesystem 15-SP1 | brotli | Affected |
| SUSE Linux Enterprise Module for Basesystem 15-SP2 | brotli | Affected |
| SUSE Linux Enterprise Server 15 LTSS | brotli | Affected |
| SUSE Linux Enterprise Server ESPOS 15 | brotli | Affected |