Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library
Vulnerability Description
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
CVSS Information
N/A
Vulnerability Type
CWE-1395
Vulnerability Title
MetaCPAN IO::Compress::Brotli 安全漏洞
Vulnerability Description
MetaCPAN IO::Compress::Brotli是MetaCPAN基金会的一个库。 MetaCPAN IO::Compress::Brotli 0.007之前版本存在安全漏洞,该漏洞源于嵌入式Brotli库存在缓冲区溢出,可能导致崩溃。
CVSS Information
N/A
Vulnerability Type
N/A