Bug 1195079

Summary: VUL-0: brotli: integer overflow
Product: [Novell Products] SUSE Security Incidents
Reporter: Aaron Williams <aaron.w2>
Component: Incidents
Assignee: Danilo Spinella <danilo.spinella>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Critical
Priority: P3 - Medium
CC: meissner
Version: unspecified
Target Milestone: ---
Hardware: x86-64
OS: openSUSE Leap 15.3
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Aaron Williams 2022-01-25 03:49:11 UTC
This is from GitHub:

SECURITY NOTE
Please consider updating brotli to version 1.0.9 (latest).

Version 1.0.9 contains a fix for the "integer overflow" problem. This happens when the "one-shot" decoding API is used (or the input chunk for the streaming API is not limited), the input size (chunk size) is larger than 2GiB, and the input contains uncompressed blocks. After the overflow happens, memcpy is invoked with a gigantic num value, which will likely cause a crash.

See https://github.com/google/brotli

Currently, 15.3 includes brotli 1.0.7.
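The note above names two preconditions a caller controls: a one-shot call over an input larger than 2GiB, or an unbounded chunk handed to the streaming API. The following is an added example, not Brotli's code and not from this bug report: it shows the two defensive checks a caller can apply before an upgrade lands, namely refusing a one-shot call whose length exceeds the 32-bit signed range and feeding the streaming path in bounded chunks. The decoder step is a stand-in that mimics the `available_in`/`next_in` calling convention and simply consumes what it is given; `MAX_CHUNK_BYTES`, the 5000-byte sample buffer and all function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed per-call ceiling for the streaming path (not a Brotli constant). */
#define MAX_CHUNK_BYTES ((size_t)1 << 20)   /* 1 MiB */

/* The 2 GiB boundary the report refers to: lengths above it no longer fit a 32-bit signed int. */
#define ONE_SHOT_LIMIT ((size_t)INT32_MAX)

/* Returns 1 if a single one-shot call over input_len bytes would cross the 2 GiB boundary. */
int input_exceeds_one_shot_limit(size_t input_len) {
    return input_len > ONE_SHOT_LIMIT;
}

/* Number of bounded calls needed to feed input_len bytes, at most max_chunk per call. */
size_t chunk_count(size_t input_len, size_t max_chunk) {
    if (max_chunk == 0) return 0;
    return (input_len + max_chunk - 1) / max_chunk;
}

/* Stand-in decoder state (assumed shape, not Brotli's BrotliDecoderState). */
typedef struct {
    size_t consumed;      /* bytes the decoder has taken so far */
    size_t calls;         /* number of decode steps made */
    size_t largest_call;  /* biggest available_in any single step saw */
} mock_decoder;

/* Stand-in for one streaming decode step: records sizes and consumes the whole chunk. */
static void mock_decode_step(mock_decoder *d, size_t *available_in, const uint8_t **next_in) {
    if (*available_in > d->largest_call) d->largest_call = *available_in;
    d->consumed += *available_in;
    d->calls++;
    *next_in += *available_in;
    *available_in = 0;
}

/* Feed buf to the decoder so that no single step ever sees more than max_chunk bytes.
 * Partial consumption is handled: only what the step actually took is subtracted. */
size_t feed_in_bounded_chunks(mock_decoder *d, const uint8_t *buf, size_t len, size_t max_chunk) {
    const uint8_t *next_in = buf;
    size_t remaining = len;
    while (remaining > 0) {
        size_t give = remaining < max_chunk ? remaining : max_chunk;
        size_t available_in = give;
        mock_decode_step(d, &available_in, &next_in);
        remaining -= give - available_in;   /* bytes the step actually consumed */
    }
    return d->consumed;
}

/* Constructed sample input, small enough to run anywhere. */
static uint8_t sample_input[5000];

static mock_decoder run_sample(size_t max_chunk) {
    mock_decoder d = {0, 0, 0};
    memset(sample_input, 0xAB, sizeof sample_input);
    feed_in_bounded_chunks(&d, sample_input, sizeof sample_input, max_chunk);
    return d;
}

size_t run_sample_consumed(size_t max_chunk)     { return run_sample(max_chunk).consumed; }
size_t run_sample_largest_call(size_t max_chunk) { return run_sample(max_chunk).largest_call; }
size_t run_sample_calls(size_t max_chunk)        { return run_sample(max_chunk).calls; }

int main(void) {
    mock_decoder d = run_sample(1024);
    printf("fed %zu bytes in %zu calls, largest call %zu bytes\n",
           d.consumed, d.calls, d.largest_call);

    size_t big = (size_t)3 << 30;   /* 3 GiB, arithmetic only; nothing is allocated */
    printf("3 GiB exceeds one-shot limit: %d; needs %zu chunks of %zu bytes\n",
           input_exceeds_one_shot_limit(big), chunk_count(big, MAX_CHUNK_BYTES), MAX_CHUNK_BYTES);
    return 0;
}
```

The point of the chunked loop is that the per-call size, not the total input size, is what reaches the decoder's internal length arithmetic, so capping it keeps every call well inside the 32-bit range regardless of how large the overall input is.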
Comment 1 Marcus Meissner 2022-01-25 08:16:53 UTC
No CVE yet, apparently.
Comment 2 Danilo Spinella 2022-01-26 09:33:39 UTC
This seems to me like a duplicate of bsc#1175825. Can you please confirm?
Comment 3 Aaron Williams 2022-01-26 11:36:07 UTC
I concur that this is a duplicate, sorry.
Comment 4 Marcus Meissner 2022-01-26 13:44:58 UTC
dup

*** This bug has been marked as a duplicate of bug 1175825 ***