Bugzilla – Bug 1175825
VUL-0: CVE-2020-8927: brotli: decoder: integer overflow when input chunk is larger than 2GiB
Last modified: 2024-06-19 13:58:35 UTC
From https://github.com/google/brotli/releases/tag/v1.0.8
> SECURITY: decoder: fix integer overflow when input chunk is larger than 2GiB

References:
https://github.com/google/brotli/pull/826/commits/4c08c515f3c45abde832ce7421794ae6fc14cd21
https://build.opensuse.org/request/show/829811
https://github.com/google/brotli/commit/d518e55ba7f335cb318396e47c1e05c4205d6c4b

Version 1.0.8 contains a fix to the "integer overflow" problem. This happens when the "one-shot" decoding API is used (or the input chunk for the streaming API is not limited), the input size (chunk size) is larger than 2GiB, and the input contains uncompressed blocks. After the overflow happens, `memcpy` is invoked with a gigantic `num` value, which will likely cause a crash.
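The mechanism described in the comment above, as an added example that is not brotli's own code and not part of this bug report: a model of the "remaining bytes" count that the 1.0.8 fix caps, showing why 2GiB (INT32_MAX + 1) is the boundary at which a count narrowed to a signed 32-bit length wraps negative and turns into a gigantic `memcpy` size. The value 30 for `BROTLI_LARGE_MAX_WBITS`, the 64-bit `size_t`, and the narrowing caller are assumptions; the report only states that `memcpy` ended up with a huge `num`.

```c
/* Added example, not brotli's own code: models the "remaining bytes" count
 * that the brotli 1.0.8 fix caps and the 2GiB boundary behind CVE-2020-8927.
 * Assumes a 64-bit size_t. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value of BROTLI_LARGE_MAX_WBITS (not stated on the bug page);
 * the cap is built the same way the upstream hunk builds kCap. */
#define EXAMPLE_LARGE_MAX_WBITS 30
#define EXAMPLE_CAP ((size_t)1 << EXAMPLE_LARGE_MAX_WBITS)

/* Pre-fix shape of the count: unread input bytes plus whole bytes still
 * buffered in the bit accumulator, with no upper bound. */
size_t remaining_bytes_uncapped(size_t avail_in, uint32_t buffered_bits) {
  return avail_in + (buffered_bits >> 3);
}

/* Post-fix shape: the same count, capped at the ring-buffer size, so a
 * multi-GiB one-shot chunk can no longer push the value past INT32_MAX. */
size_t remaining_bytes_capped(size_t avail_in, uint32_t buffered_bits) {
  if (avail_in > EXAMPLE_CAP) return EXAMPLE_CAP;
  return avail_in + (buffered_bits >> 3);
}

/* Would this count survive being stored in a signed 32-bit length? */
int fits_int32(size_t count) {
  return count <= (size_t)INT32_MAX;
}

/* Hypothetical stand-in for the pre-fix caller: narrow the count to a
 * 32-bit signed length (explicit two's-complement wrap, so the result is
 * portable) and hand it back to memcpy as a size_t. For counts >= 2GiB the
 * sign bit is set, the int goes negative, and the size_t becomes enormous. */
size_t memcpy_num_after_narrowing(size_t count) {
  uint32_t low32 = (uint32_t)count;                 /* truncation, well-defined */
  int64_t wide = (int64_t)low32;
  if (low32 >= 0x80000000u) wide -= 0x100000000LL;  /* reinterpret as int32 */
  int32_t narrowed = (int32_t)wide;
  return (size_t)narrowed;                          /* negative -> huge size_t */
}

int main(void) {
  size_t chunk = (size_t)3 << 30;  /* constructed: a 3GiB one-shot chunk */
  size_t before = remaining_bytes_uncapped(chunk, 64);
  size_t after = remaining_bytes_capped(chunk, 64);
  printf("uncapped count %zu fits int32: %d -> memcpy num %zu\n",
         before, fits_int32(before), memcpy_num_after_narrowing(before));
  printf("capped count   %zu fits int32: %d -> memcpy num %zu\n",
         after, fits_int32(after), memcpy_num_after_narrowing(after));
  return 0;
}
```

The cap does not make the narrowing caller correct; it only keeps the count it is fed below the point where the narrowing matters, which is why the upstream comment notes that a larger number "won't be utilized anyway". A caller that still stores the count in a 32-bit field should be reviewed as well.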
This is probably the fix: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6#diff-4fcc3d6c0ab06cebc24e622bbe281a03L93-L100 diff --git a/c/dec/bit_reader.h b/c/dec/bit_reader.h index f94a717e..22bc060c 100644 --- a/c/dec/bit_reader.h +++ b/c/dec/bit_reader.h @@ -93,8 +85,11 @@ static BROTLI_INLINE uint32_t BrotliGetAvailableBits( } /* Returns amount of unread bytes the bit reader still has buffered from the - BrotliInput, including whole bytes in br->val_. */ + BrotliInput, including whole bytes in br->val_. Result is capped with + maximal ring-buffer size (larger number won't be utilized anyway). */ static BROTLI_INLINE size_t BrotliGetRemainingBytes(BrotliBitReader* br) { + static const size_t kCap = (size_t)1 << BROTLI_LARGE_MAX_WBITS; + if (br->avail_in > kCap) return kCap; return br->avail_in + (BrotliGetAvailableBits(br) >> 3); }
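Review bot: the cap in BrotliGetRemainingBytes is not a hard bound: the early return only fires for `br->avail_in > kCap`, so when avail_in equals kCap the function falls through and returns kCap plus the whole bytes buffered in br->val_, a few bytes above the value the comment calls the cap. Harmless for the overflow being fixed, but if callers are meant to treat kCap as a strict maximum, use `if (br->avail_in >= kCap) return kCap;` or clamp the final sum. Since the function no longer returns an exact count, any caller that relied on exactness should be checked in the same change; the updated comment ("larger number won't be utilized anyway") states the intent but does not say which callers were audited.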
This is an autogenerated message for OBS integration: This bug (1175825) was mentioned in https://build.opensuse.org/request/show/835686 15.2 / brotli
openSUSE-SU-2020:1578-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): brotli-1.0.9-lp152.2.3.1
Updated to 1.0.9.
This is an autogenerated message for OBS integration: This bug (1175825) was mentioned in https://build.opensuse.org/request/show/866129 Factory / python-Brotli
We are missing fixes for SUSE:SLE-15:Update and SUSE:SLE-15-SP2:Update.
SLE-15 has brotli 1.0.2 and the code is too different from the patch. How should I proceed?
SUSE-SU-2021:3942-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): brotli-1.0.7-3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): brotli-1.0.7-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3942-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): brotli-1.0.7-3.3.1
*** Bug 1195079 has been marked as a duplicate of this bug. ***
Released
SUSE-SU-2023:3670-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
Sources used:
Public Cloud Module 12 (src): python-brotlipy-0.6.0-2.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3669-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
Sources used:
Public Cloud Module 15-SP2 (src): python-brotlipy-0.7.0-150100.3.6.1
Public Cloud Module 15-SP1 (src): python-brotlipy-0.7.0-150100.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3827-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
Sources used:
Public Cloud Module 15-SP3 (src): python-brotlipy-0.7.0-150300.3.3.1
Public Cloud Module 15-SP4 (src): python-brotlipy-0.7.0-150300.3.3.1
Public Cloud Module 15-SP5 (src): python-brotlipy-0.7.0-150300.3.3.1
openSUSE Leap 15.4 (src): python-brotlipy-0.7.0-150300.3.3.1
openSUSE Leap 15.5 (src): python-brotlipy-0.7.0-150300.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
home:pgajdos:ALP/python-brotlipy
https://build.suse.de/request/show/332961
15sp2/python-Brotli
https://build.suse.de/request/show/332962
15/brotli not supported anymore, I think.

I believe all are fixed; in the opposite case please reassign back.
(In reply to Petr Gajdos from comment #28)
> home:pgajdos:ALP/python-brotlipy
> https://build.suse.de/request/show/332961

I confused it with SUSE:ALP:Workbench:1.0; this package was originally in SUSE:ALP:Source:Standard:1.0, but it was deleted from there. So no update is needed for ALP.
SUSE-SU-2024:1968-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1175825
CVE References: CVE-2020-8927
Maintenance Incident: [SUSE:Maintenance:34139](https://smelt.suse.de/incident/34139/)
Sources used:
openSUSE Leap 15.5 (src): python-Brotli-1.0.7-150200.3.3.1
Python 3 Module 15-SP6 (src): python-Brotli-1.0.7-150200.3.3.1
Server Applications Module 15-SP5 (src): python-Brotli-1.0.7-150200.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.