Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2020-8927
Vulnerability from cvelistv5
Published
2020-09-15 09:15
Modified
2024-08-04 10:12
Severity ?
EPSS score ?
Summary
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Brotli |
Version: stable < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:12:11.066Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { name: "openSUSE-SU-2020:1578", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { name: "FEDORA-2020-22d278923a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { name: "USN-4568-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4568-1/", }, { name: "FEDORA-2020-c663fbc46c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { name: "FEDORA-2020-e21bd401ad", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { name: "FEDORA-2020-bc9a739f0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { name: "FEDORA-2020-9336b65f82", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { name: "FEDORA-2020-c76a35b209", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { name: "DSA-4801", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4801", }, { name: "FEDORA-2022-9e046f579a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { name: "FEDORA-2022-5ecee47acb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { name: "FEDORA-2022-d28042f559", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Brotli", vendor: "Google LLC", versions: [ { lessThanOrEqual: "1.0.7", status: "affected", version: "stable", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Jay Lv <nengzhi.pnz@antgroup.com>", }, ], descriptions: [ { lang: "en", value: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-130", description: "CWE-130 Improper Handling of Length Parameter Inconsistency ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-27T04:06:10", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { name: "openSUSE-SU-2020:1578", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { name: "FEDORA-2020-22d278923a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { name: "USN-4568-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4568-1/", }, { name: "FEDORA-2020-c663fbc46c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { name: "FEDORA-2020-e21bd401ad", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { name: "FEDORA-2020-bc9a739f0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { name: "FEDORA-2020-9336b65f82", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { name: "FEDORA-2020-c76a35b209", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { name: "DSA-4801", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4801", }, { name: "FEDORA-2022-9e046f579a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { name: "FEDORA-2022-5ecee47acb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { name: "FEDORA-2022-d28042f559", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, ], source: { discovery: "EXTERNAL", }, title: "Buffer overflow in Brotli library", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2020-8927", STATE: "PUBLIC", TITLE: "Buffer overflow in Brotli library", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Brotli", version: { version_data: [ { version_affected: "<=", version_name: "stable", version_value: "1.0.7", }, ], }, }, ], }, vendor_name: "Google LLC", }, ], }, }, credit: [ { lang: "eng", value: "Jay Lv <nengzhi.pnz@antgroup.com>", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-130 Improper Handling of Length Parameter Inconsistency ", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/google/brotli/releases/tag/v1.0.9", refsource: "CONFIRM", url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { name: "openSUSE-SU-2020:1578", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { name: "FEDORA-2020-22d278923a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { name: "USN-4568-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4568-1/", }, { name: "FEDORA-2020-c663fbc46c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { name: "FEDORA-2020-e21bd401ad", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { name: "FEDORA-2020-bc9a739f0c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { name: "FEDORA-2020-9336b65f82", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { name: "FEDORA-2020-c76a35b209", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { name: "DSA-4801", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4801", }, { name: "FEDORA-2022-9e046f579a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { name: "FEDORA-2022-5ecee47acb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { name: "FEDORA-2022-d28042f559", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2020-8927", datePublished: "2020-09-15T09:15:12", dateReserved: "2020-02-12T00:00:00", dateUpdated: "2024-08-04T10:12:11.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2020-8927\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2020-09-15T10:15:12.887\",\"lastModified\":\"2024-11-21T05:39:41.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \\\"one-shot\\\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \\\"streaming\\\" API as opposed to the \\\"one-shot\\\" API, and impose chunk size limits.\"},{\"lang\":\"es\",\"value\":\"Se presenta un desbordamiento del búfer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petición de descompresión \\\"one-shot\\\" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de más de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versión 1.0.8 o posterior. Si no se puede actualizar, recomendamos usar la API \\\"streaming\\\" en lugar de la API \\\"one-shot\\\" e imponer límites de tamaño de fragmentos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-130\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.8\",\"matchCriteriaId\":\"3A0C4F94-96AA-45AE-A3A6-55DE4FD744E3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"5.0.14\",\"matchCriteriaId\":\"D986C83E-F055-4861-B3FC-D1AE2662A826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndIncluding\":\"3.1.22\",\"matchCriteriaId\":\"EB57B616-F5BD-47B7-BBD0-AF58976CEE10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.0.9\",\"matchCriteriaId\":\"77F72A4A-239D-4362-B42C-2B125FD977AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1\",\"versionEndExcluding\":\"7.1.6\",\"matchCriteriaId\":\"A2C644EF-33B6-440F-8051-6A0D3C096F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"versionEndExcluding\":\"7.2.2\",\"matchCriteriaId\":\"CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"16.11\",\"matchCriteriaId\":\"C9984FFB-8AFA-438F-B762-B98649B64B23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndIncluding\":\"17.0.7\",\"matchCriteriaId\":\"962BF425-75A7-4743-A3EA-275F8D66A00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950638D8-6997-4058-8A9E-6153A7FC3B32\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/brotli/releases/tag/v1.0.9\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://usn.ubuntu.com/4568-1/\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4801\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/brotli/releases/tag/v1.0.9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4568-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
suse-su-2024:1968-1
Vulnerability from csaf_suse
Published
2024-06-10 18:04
Modified
2024-06-10 18:04
Summary
Security update for python-Brotli
Notes
Title of the patch
Security update for python-Brotli
Description of the patch
This update for python-Brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825)
Patchnames
SUSE-2024-1968,SUSE-SLE-Module-Python3-15-SP6-2024-1968,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1968,openSUSE-SLE-15.5-2024-1968
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-Brotli", title: "Title of the patch", }, { category: "description", text: "This update for python-Brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1968,SUSE-SLE-Module-Python3-15-SP6-2024-1968,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1968,openSUSE-SLE-15.5-2024-1968", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1968-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1968-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241968-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1968-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-June/035525.html", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for python-Brotli", tracking: { current_release_date: "2024-06-10T18:04:25Z", generator: { date: "2024-06-10T18:04:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1968-1", initial_release_date: "2024-06-10T18:04:25Z", revision_history: [ { date: "2024-06-10T18:04:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python2-Brotli-1.0.7-150200.3.3.1.aarch64", product: { name: "python2-Brotli-1.0.7-150200.3.3.1.aarch64", product_id: "python2-Brotli-1.0.7-150200.3.3.1.aarch64", }, }, { category: "product_version", name: "python3-Brotli-1.0.7-150200.3.3.1.aarch64", product: { name: "python3-Brotli-1.0.7-150200.3.3.1.aarch64", product_id: "python3-Brotli-1.0.7-150200.3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python2-Brotli-1.0.7-150200.3.3.1.i586", product: { name: "python2-Brotli-1.0.7-150200.3.3.1.i586", product_id: "python2-Brotli-1.0.7-150200.3.3.1.i586", }, }, { category: "product_version", name: "python3-Brotli-1.0.7-150200.3.3.1.i586", product: { name: "python3-Brotli-1.0.7-150200.3.3.1.i586", product_id: "python3-Brotli-1.0.7-150200.3.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "python2-Brotli-1.0.7-150200.3.3.1.ppc64le", product: { name: "python2-Brotli-1.0.7-150200.3.3.1.ppc64le", product_id: "python2-Brotli-1.0.7-150200.3.3.1.ppc64le", }, }, { category: "product_version", name: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le", product: { name: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le", product_id: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python2-Brotli-1.0.7-150200.3.3.1.s390x", product: { name: "python2-Brotli-1.0.7-150200.3.3.1.s390x", product_id: "python2-Brotli-1.0.7-150200.3.3.1.s390x", }, }, { category: "product_version", name: "python3-Brotli-1.0.7-150200.3.3.1.s390x", product: { name: "python3-Brotli-1.0.7-150200.3.3.1.s390x", product_id: "python3-Brotli-1.0.7-150200.3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python2-Brotli-1.0.7-150200.3.3.1.x86_64", product: { name: "python2-Brotli-1.0.7-150200.3.3.1.x86_64", product_id: "python2-Brotli-1.0.7-150200.3.3.1.x86_64", }, }, { category: "product_version", name: "python3-Brotli-1.0.7-150200.3.3.1.x86_64", product: { name: "python3-Brotli-1.0.7-150200.3.3.1.x86_64", product_id: "python3-Brotli-1.0.7-150200.3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Python 3 15 SP6", product: { name: "SUSE Linux Enterprise Module for Python 3 15 SP6", product_id: "SUSE Linux Enterprise Module for Python 3 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-python3:15:sp6", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Server Applications 15 SP5", product: { name: "SUSE Linux Enterprise Module for Server Applications 15 SP5", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-server-applications:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6", product_id: "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Python 3 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6", product_id: "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Python 3 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6", product_id: "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Python 3 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6", product_id: "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Python 3 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Brotli-1.0.7-150200.3.3.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", }, product_reference: "python3-Brotli-1.0.7-150200.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.s390x", "SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.s390x", "SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.aarch64", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.ppc64le", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.s390x", "openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-10T18:04:25Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
suse-su-2023:3670-1
Vulnerability from csaf_suse
Published
2023-09-19 09:50
Modified
2023-09-19 09:50
Summary
Security update for python-brotlipy
Notes
Title of the patch
Security update for python-brotlipy
Description of the patch
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2023-3670,SUSE-SLE-Module-Public-Cloud-12-2023-3670
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-brotlipy", title: "Title of the patch", }, { category: "description", text: "This update for python-brotlipy fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-3670,SUSE-SLE-Module-Public-Cloud-12-2023-3670", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3670-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:3670-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20233670-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:3670-1", url: "https://lists.suse.com/pipermail/sle-updates/2023-September/031549.html", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for python-brotlipy", tracking: { current_release_date: "2023-09-19T09:50:34Z", generator: { date: "2023-09-19T09:50:34Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:3670-1", initial_release_date: "2023-09-19T09:50:34Z", revision_history: [ { date: "2023-09-19T09:50:34Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python-brotlipy-0.6.0-2.6.1.aarch64", product: { name: "python-brotlipy-0.6.0-2.6.1.aarch64", product_id: "python-brotlipy-0.6.0-2.6.1.aarch64", }, }, { category: "product_version", name: "python3-brotlipy-0.6.0-2.6.1.aarch64", product: { name: "python3-brotlipy-0.6.0-2.6.1.aarch64", product_id: "python3-brotlipy-0.6.0-2.6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python-brotlipy-0.6.0-2.6.1.i586", product: { name: "python-brotlipy-0.6.0-2.6.1.i586", product_id: "python-brotlipy-0.6.0-2.6.1.i586", }, }, { category: "product_version", name: "python3-brotlipy-0.6.0-2.6.1.i586", product: { name: "python3-brotlipy-0.6.0-2.6.1.i586", product_id: "python3-brotlipy-0.6.0-2.6.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "python-brotlipy-0.6.0-2.6.1.ppc64le", product: { name: "python-brotlipy-0.6.0-2.6.1.ppc64le", product_id: "python-brotlipy-0.6.0-2.6.1.ppc64le", }, }, { category: "product_version", name: "python3-brotlipy-0.6.0-2.6.1.ppc64le", product: { name: "python3-brotlipy-0.6.0-2.6.1.ppc64le", product_id: "python3-brotlipy-0.6.0-2.6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python-brotlipy-0.6.0-2.6.1.s390", product: { name: "python-brotlipy-0.6.0-2.6.1.s390", product_id: "python-brotlipy-0.6.0-2.6.1.s390", }, }, { category: "product_version", name: "python3-brotlipy-0.6.0-2.6.1.s390", product: { name: "python3-brotlipy-0.6.0-2.6.1.s390", product_id: "python3-brotlipy-0.6.0-2.6.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "python-brotlipy-0.6.0-2.6.1.s390x", product: { name: "python-brotlipy-0.6.0-2.6.1.s390x", product_id: "python-brotlipy-0.6.0-2.6.1.s390x", }, }, { category: "product_version", name: "python3-brotlipy-0.6.0-2.6.1.s390x", product: { name: "python3-brotlipy-0.6.0-2.6.1.s390x", product_id: "python3-brotlipy-0.6.0-2.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python-brotlipy-0.6.0-2.6.1.x86_64", product: { name: "python-brotlipy-0.6.0-2.6.1.x86_64", product_id: "python-brotlipy-0.6.0-2.6.1.x86_64", }, }, { category: "product_version", name: "python3-brotlipy-0.6.0-2.6.1.x86_64", product: { name: "python3-brotlipy-0.6.0-2.6.1.x86_64", product_id: "python3-brotlipy-0.6.0-2.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 12", product: { name: "SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python-brotlipy-0.6.0-2.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64", }, product_reference: "python-brotlipy-0.6.0-2.6.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python-brotlipy-0.6.0-2.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le", }, product_reference: "python-brotlipy-0.6.0-2.6.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python-brotlipy-0.6.0-2.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x", }, product_reference: "python-brotlipy-0.6.0-2.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python-brotlipy-0.6.0-2.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64", }, product_reference: "python-brotlipy-0.6.0-2.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.6.0-2.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64", }, product_reference: "python3-brotlipy-0.6.0-2.6.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.6.0-2.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le", }, product_reference: "python3-brotlipy-0.6.0-2.6.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.6.0-2.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x", }, product_reference: "python3-brotlipy-0.6.0-2.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.6.0-2.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12", product_id: "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64", }, product_reference: "python3-brotlipy-0.6.0-2.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 12", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-09-19T09:50:34Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
suse-su-2023:3669-1
Vulnerability from csaf_suse
Published
2023-09-19 09:50
Modified
2023-09-19 09:50
Summary
Security update for python-brotlipy
Notes
Title of the patch
Security update for python-brotlipy
Description of the patch
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3669
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-brotlipy", title: "Title of the patch", }, { category: "description", text: "This update for python-brotlipy fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3669,SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3669", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3669-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:3669-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20233669-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:3669-1", url: "https://lists.suse.com/pipermail/sle-updates/2023-September/031550.html", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for python-brotlipy", tracking: { current_release_date: "2023-09-19T09:50:19Z", generator: { date: "2023-09-19T09:50:19Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:3669-1", initial_release_date: "2023-09-19T09:50:19Z", revision_history: [ { date: "2023-09-19T09:50:19Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150100.3.6.1.aarch64", product: { name: "python2-brotlipy-0.7.0-150100.3.6.1.aarch64", product_id: "python2-brotlipy-0.7.0-150100.3.6.1.aarch64", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64", product: { name: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64", product_id: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150100.3.6.1.i586", product: { name: "python2-brotlipy-0.7.0-150100.3.6.1.i586", product_id: "python2-brotlipy-0.7.0-150100.3.6.1.i586", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150100.3.6.1.i586", product: { name: "python3-brotlipy-0.7.0-150100.3.6.1.i586", product_id: "python3-brotlipy-0.7.0-150100.3.6.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150100.3.6.1.ppc64le", product: { name: "python2-brotlipy-0.7.0-150100.3.6.1.ppc64le", product_id: "python2-brotlipy-0.7.0-150100.3.6.1.ppc64le", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", product: { name: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", product_id: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150100.3.6.1.s390x", product: { name: "python2-brotlipy-0.7.0-150100.3.6.1.s390x", product_id: "python2-brotlipy-0.7.0-150100.3.6.1.s390x", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150100.3.6.1.s390x", product: { name: "python3-brotlipy-0.7.0-150100.3.6.1.s390x", product_id: "python3-brotlipy-0.7.0-150100.3.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150100.3.6.1.x86_64", product: { name: "python2-brotlipy-0.7.0-150100.3.6.1.x86_64", product_id: "python2-brotlipy-0.7.0-150100.3.6.1.x86_64", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64", product: { name: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64", product_id: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", product: { name: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", product: { name: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:15:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150100.3.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP2:python3-brotlipy-0.7.0-150100.3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-09-19T09:50:19Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
suse-su-2023:3827-1
Vulnerability from csaf_suse
Published
2023-09-27 17:03
Modified
2023-09-27 17:03
Summary
Security update for python-brotlipy
Notes
Title of the patch
Security update for python-brotlipy
Description of the patch
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3827,openSUSE-SLE-15.4-2023-3827,openSUSE-SLE-15.5-2023-3827
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-brotlipy", title: "Title of the patch", }, { category: "description", text: "This update for python-brotlipy fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3827,SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3827,openSUSE-SLE-15.4-2023-3827,openSUSE-SLE-15.5-2023-3827", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3827-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:3827-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20233827-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:3827-1", url: "https://lists.suse.com/pipermail/sle-updates/2023-September/031738.html", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for python-brotlipy", tracking: { current_release_date: "2023-09-27T17:03:32Z", generator: { date: "2023-09-27T17:03:32Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:3827-1", initial_release_date: "2023-09-27T17:03:32Z", revision_history: [ { date: "2023-09-27T17:03:32Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150300.3.3.1.aarch64", product: { name: "python2-brotlipy-0.7.0-150300.3.3.1.aarch64", product_id: "python2-brotlipy-0.7.0-150300.3.3.1.aarch64", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", product: { name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", product_id: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150300.3.3.1.i586", product: { name: "python2-brotlipy-0.7.0-150300.3.3.1.i586", product_id: "python2-brotlipy-0.7.0-150300.3.3.1.i586", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150300.3.3.1.i586", product: { name: "python3-brotlipy-0.7.0-150300.3.3.1.i586", product_id: "python3-brotlipy-0.7.0-150300.3.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150300.3.3.1.ppc64le", product: { name: "python2-brotlipy-0.7.0-150300.3.3.1.ppc64le", product_id: "python2-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", product: { name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", product_id: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150300.3.3.1.s390x", product: { name: "python2-brotlipy-0.7.0-150300.3.3.1.s390x", product_id: "python2-brotlipy-0.7.0-150300.3.3.1.s390x", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", product: { name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", product_id: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python2-brotlipy-0.7.0-150300.3.3.1.x86_64", product: { name: "python2-brotlipy-0.7.0-150300.3.3.1.x86_64", product_id: "python2-brotlipy-0.7.0-150300.3.3.1.x86_64", }, }, { category: "product_version", name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", product: { name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", product_id: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", product: { name: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", product: { name: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", product: { name: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", }, product_reference: "python3-brotlipy-0.7.0-150300.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "openSUSE Leap 15.4:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.aarch64", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.ppc64le", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.s390x", "openSUSE Leap 15.5:python3-brotlipy-0.7.0-150300.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-09-27T17:03:32Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
suse-su-2021:3942-1
Vulnerability from csaf_suse
Published
2021-12-06 13:46
Modified
2021-12-06 13:46
Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
SUSE-2021-3942,SUSE-SLE-Module-Basesystem-15-SP2-2021-3942,SUSE-SLE-Module-Basesystem-15-SP3-2021-3942
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for brotli", title: "Title of the patch", }, { category: "description", text: "This update for brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-3942,SUSE-SLE-Module-Basesystem-15-SP2-2021-3942,SUSE-SLE-Module-Basesystem-15-SP3-2021-3942", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3942-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:3942-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20213942-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:3942-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009849.html", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for brotli", tracking: { current_release_date: "2021-12-06T13:46:22Z", generator: { date: "2021-12-06T13:46:22Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:3942-1", initial_release_date: "2021-12-06T13:46:22Z", revision_history: [ { date: "2021-12-06T13:46:22Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.aarch64", product: { name: "brotli-1.0.7-3.3.1.aarch64", product_id: "brotli-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.aarch64", product: { name: "libbrotli-devel-1.0.7-3.3.1.aarch64", product_id: "libbrotli-devel-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.aarch64", product: { name: "libbrotlicommon1-1.0.7-3.3.1.aarch64", product_id: "libbrotlicommon1-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.aarch64", product: { name: "libbrotlidec1-1.0.7-3.3.1.aarch64", product_id: "libbrotlidec1-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.aarch64", product: { name: "libbrotlienc1-1.0.7-3.3.1.aarch64", product_id: "libbrotlienc1-1.0.7-3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libbrotlicommon1-64bit-1.0.7-3.3.1.aarch64_ilp32", product: { name: "libbrotlicommon1-64bit-1.0.7-3.3.1.aarch64_ilp32", product_id: "libbrotlicommon1-64bit-1.0.7-3.3.1.aarch64_ilp32", }, }, { category: "product_version", name: "libbrotlidec1-64bit-1.0.7-3.3.1.aarch64_ilp32", product: { name: "libbrotlidec1-64bit-1.0.7-3.3.1.aarch64_ilp32", product_id: "libbrotlidec1-64bit-1.0.7-3.3.1.aarch64_ilp32", }, }, { category: "product_version", name: "libbrotlienc1-64bit-1.0.7-3.3.1.aarch64_ilp32", product: { name: "libbrotlienc1-64bit-1.0.7-3.3.1.aarch64_ilp32", product_id: "libbrotlienc1-64bit-1.0.7-3.3.1.aarch64_ilp32", }, }, ], category: "architecture", name: "aarch64_ilp32", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.i586", product: { name: "brotli-1.0.7-3.3.1.i586", product_id: "brotli-1.0.7-3.3.1.i586", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.i586", product: { name: "libbrotli-devel-1.0.7-3.3.1.i586", product_id: "libbrotli-devel-1.0.7-3.3.1.i586", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.i586", product: { name: "libbrotlicommon1-1.0.7-3.3.1.i586", product_id: "libbrotlicommon1-1.0.7-3.3.1.i586", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.i586", product: { name: "libbrotlidec1-1.0.7-3.3.1.i586", product_id: "libbrotlidec1-1.0.7-3.3.1.i586", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.i586", product: { name: "libbrotlienc1-1.0.7-3.3.1.i586", product_id: "libbrotlienc1-1.0.7-3.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.ppc64le", product: { name: "brotli-1.0.7-3.3.1.ppc64le", product_id: "brotli-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.ppc64le", product: { name: "libbrotli-devel-1.0.7-3.3.1.ppc64le", product_id: "libbrotli-devel-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", product: { name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", product_id: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.ppc64le", product: { name: "libbrotlidec1-1.0.7-3.3.1.ppc64le", product_id: "libbrotlidec1-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.ppc64le", product: { name: "libbrotlienc1-1.0.7-3.3.1.ppc64le", product_id: "libbrotlienc1-1.0.7-3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.s390x", product: { name: "brotli-1.0.7-3.3.1.s390x", product_id: "brotli-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.s390x", product: { name: "libbrotli-devel-1.0.7-3.3.1.s390x", product_id: "libbrotli-devel-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.s390x", product: { name: "libbrotlicommon1-1.0.7-3.3.1.s390x", product_id: "libbrotlicommon1-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.s390x", product: { name: "libbrotlidec1-1.0.7-3.3.1.s390x", product_id: "libbrotlidec1-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.s390x", product: { name: "libbrotlienc1-1.0.7-3.3.1.s390x", product_id: "libbrotlienc1-1.0.7-3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.x86_64", product: { name: "brotli-1.0.7-3.3.1.x86_64", product_id: "brotli-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.x86_64", product: { name: "libbrotli-devel-1.0.7-3.3.1.x86_64", product_id: "libbrotli-devel-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.x86_64", product: { name: "libbrotlicommon1-1.0.7-3.3.1.x86_64", product_id: "libbrotlicommon1-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", product: { name: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", product_id: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.x86_64", product: { name: "libbrotlidec1-1.0.7-3.3.1.x86_64", product_id: "libbrotlidec1-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", product: { name: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", product_id: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.x86_64", product: { name: "libbrotlienc1-1.0.7-3.3.1.x86_64", product_id: "libbrotlienc1-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", product: { name: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", product_id: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP2", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotli-devel-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlicommon1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlidec1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP2:libbrotlienc1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotli-devel-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlicommon1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlidec1-1.0.7-3.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:libbrotlienc1-1.0.7-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-06T13:46:22Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
RHSA-2022:0827
Vulnerability from csaf_redhat
Published
2022-03-10 16:06
Modified
2025-03-19 15:59
Summary
Red Hat Security Advisory: .NET Core 3.1 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0827", url: "https://access.redhat.com/errata/RHSA-2022:0827", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0827.json", }, ], title: "Red Hat Security Advisory: .NET Core 3.1 security and bugfix update", tracking: { current_release_date: "2025-03-19T15:59:41+00:00", generator: { date: "2025-03-19T15:59:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:0827", initial_release_date: "2022-03-10T16:06:18+00:00", revision_history: [ { date: "2022-03-10T16:06:18+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:06:18+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:59:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat CodeReady Linux Builder (v. 8)", product: { name: "Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-templates-3.1@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el8_5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "dotnet3.1-0:3.1.417-1.el8_5.src", product: { name: "dotnet3.1-0:3.1.417-1.el8_5.src", product_id: "dotnet3.1-0:3.1.417-1.el8_5.src", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1@3.1.417-1.el8_5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", }, product_reference: "dotnet3.1-0:3.1.417-1.el8_5.src", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", }, product_reference: "dotnet3.1-0:3.1.417-1.el8_5.src", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
RHSA-2022:0829
Vulnerability from csaf_redhat
Published
2022-03-10 16:12
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0829", url: "https://access.redhat.com/errata/RHSA-2022:0829", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0829.json", }, ], title: "Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:32+00:00", generator: { date: "2024-11-22T18:37:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0829", initial_release_date: "2022-03-10T16:12:05+00:00", revision_history: [ { date: "2022-03-10T16:12:05+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:12:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, ], category: "product_family", name: ".NET Core on Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.417-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product_id: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022:0827
Vulnerability from csaf_redhat
Published
2022-03-10 16:06
Modified
2025-03-19 15:59
Summary
Red Hat Security Advisory: .NET Core 3.1 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0827", url: "https://access.redhat.com/errata/RHSA-2022:0827", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0827.json", }, ], title: "Red Hat Security Advisory: .NET Core 3.1 security and bugfix update", tracking: { current_release_date: "2025-03-19T15:59:41+00:00", generator: { date: "2025-03-19T15:59:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:0827", initial_release_date: "2022-03-10T16:06:18+00:00", revision_history: [ { date: "2022-03-10T16:06:18+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:06:18+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:59:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat CodeReady Linux Builder (v. 8)", product: { name: "Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-templates-3.1@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el8_5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "dotnet3.1-0:3.1.417-1.el8_5.src", product: { name: "dotnet3.1-0:3.1.417-1.el8_5.src", product_id: "dotnet3.1-0:3.1.417-1.el8_5.src", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1@3.1.417-1.el8_5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", }, product_reference: "dotnet3.1-0:3.1.417-1.el8_5.src", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", }, product_reference: "dotnet3.1-0:3.1.417-1.el8_5.src", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022_0828
Vulnerability from csaf_redhat
Published
2022-03-10 16:12
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0828", url: "https://access.redhat.com/errata/RHSA-2022:0828", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0828.json", }, ], title: "Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:39+00:00", generator: { date: "2024-11-22T18:37:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0828", initial_release_date: "2022-03-10T16:12:40+00:00", revision_history: [ { date: "2022-03-10T16:12:40+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:12:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, ], category: "product_family", name: ".NET Core on Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.212-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product_id: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
RHSA-2022:0828
Vulnerability from csaf_redhat
Published
2022-03-10 16:12
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0828", url: "https://access.redhat.com/errata/RHSA-2022:0828", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0828.json", }, ], title: "Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:39+00:00", generator: { date: "2024-11-22T18:37:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0828", initial_release_date: "2022-03-10T16:12:40+00:00", revision_history: [ { date: "2022-03-10T16:12:40+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:12:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, ], category: "product_family", name: ".NET Core on Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.212-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product_id: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022_0830
Vulnerability from csaf_redhat
Published
2022-03-10 16:05
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET 5.0 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0830", url: "https://access.redhat.com/errata/RHSA-2022:0830", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0830.json", }, ], title: "Red Hat Security Advisory: .NET 5.0 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:25+00:00", generator: { date: "2024-11-22T18:37:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0830", initial_release_date: "2022-03-10T16:05:56+00:00", revision_history: [ { date: "2022-03-10T16:05:56+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:05:56+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat CodeReady Linux Builder (v. 8)", product: { name: "Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-templates-5.0@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el8_5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "dotnet5.0-0:5.0.212-1.el8_5.src", product: { name: "dotnet5.0-0:5.0.212-1.el8_5.src", product_id: "dotnet5.0-0:5.0.212-1.el8_5.src", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0@5.0.212-1.el8_5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", }, product_reference: "dotnet5.0-0:5.0.212-1.el8_5.src", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", }, product_reference: "dotnet5.0-0:5.0.212-1.el8_5.src", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2021_1702
Vulnerability from csaf_redhat
Published
2021-05-18 13:42
Modified
2024-11-22 16:19
Summary
Red Hat Security Advisory: brotli security update
Notes
Topic
An update for brotli is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.
Security Fix(es):
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for brotli is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. \n\nSecurity Fix(es):\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2021:1702", url: "https://access.redhat.com/errata/RHSA-2021:1702", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1702.json", }, ], title: "Red Hat Security Advisory: brotli security update", tracking: { current_release_date: "2024-11-22T16:19:42+00:00", generator: { date: "2024-11-22T16:19:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2021:1702", initial_release_date: "2021-05-18T13:42:13+00:00", revision_history: [ { date: "2021-05-18T13:42:13+00:00", number: "1", summary: "Initial version", }, { date: "2021-05-18T13:42:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T16:19:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.aarch64", product: { name: "brotli-devel-0:1.0.6-3.el8.aarch64", product_id: "brotli-devel-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.aarch64", product: { name: "python3-brotli-0:1.0.6-3.el8.aarch64", product_id: "python3-brotli-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product_id: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_id: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.aarch64", product: { name: "brotli-0:1.0.6-3.el8.aarch64", product_id: "brotli-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le", product_id: "brotli-devel-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.ppc64le", product: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le", product_id: "python3-brotli-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product_id: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_id: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-0:1.0.6-3.el8.ppc64le", product_id: "brotli-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.i686", product: { name: "brotli-devel-0:1.0.6-3.el8.i686", product_id: "brotli-devel-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.i686", product: { name: "brotli-debugsource-0:1.0.6-3.el8.i686", product_id: "brotli-debugsource-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.i686", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686", product_id: "brotli-debuginfo-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.i686", product: { name: "brotli-0:1.0.6-3.el8.i686", product_id: "brotli-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.x86_64", product: { name: "brotli-devel-0:1.0.6-3.el8.x86_64", product_id: "brotli-devel-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.x86_64", product: { name: "python3-brotli-0:1.0.6-3.el8.x86_64", product_id: "python3-brotli-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product_id: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_id: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.x86_64", product: { name: "brotli-0:1.0.6-3.el8.x86_64", product_id: "brotli-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.s390x", product: { name: "brotli-devel-0:1.0.6-3.el8.s390x", product_id: "brotli-devel-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.s390x", product: { name: "python3-brotli-0:1.0.6-3.el8.s390x", product_id: "python3-brotli-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.s390x", product: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x", product_id: "brotli-debugsource-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product_id: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.s390x", product: { name: "brotli-0:1.0.6-3.el8.s390x", product_id: "brotli-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "brotli-0:1.0.6-3.el8.src", product: { name: "brotli-0:1.0.6-3.el8.src", product_id: "brotli-0:1.0.6-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", }, product_reference: "brotli-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", }, product_reference: "brotli-0:1.0.6-3.el8.src", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", }, product_reference: "brotli-devel-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-devel-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-devel-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", }, product_reference: "brotli-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", }, product_reference: "brotli-0:1.0.6-3.el8.src", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", }, product_reference: "brotli-devel-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-devel-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-devel-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-05-18T13:42:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:1702", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, ], }
rhsa-2022_0827
Vulnerability from csaf_redhat
Published
2022-03-10 16:06
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET Core 3.1 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0827", url: "https://access.redhat.com/errata/RHSA-2022:0827", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0827.json", }, ], title: "Red Hat Security Advisory: .NET Core 3.1 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:18+00:00", generator: { date: "2024-11-22T18:37:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0827", initial_release_date: "2022-03-10T16:06:18+00:00", revision_history: [ { date: "2022-03-10T16:06:18+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:06:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat CodeReady Linux Builder (v. 8)", product: { name: "Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-templates-3.1@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_id: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.23-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.417-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product_id: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el8_5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "dotnet3.1-0:3.1.417-1.el8_5.src", product: { name: "dotnet3.1-0:3.1.417-1.el8_5.src", product_id: "dotnet3.1-0:3.1.417-1.el8_5.src", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet3.1@3.1.417-1.el8_5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", }, product_reference: "dotnet3.1-0:3.1.417-1.el8_5.src", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-0:3.1.417-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", }, product_reference: "dotnet3.1-0:3.1.417-1.el8_5.src", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", }, product_reference: "dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:06:18+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0827", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-3.1-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-0:3.1.417-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.417-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
RHSA-2021:1702
Vulnerability from csaf_redhat
Published
2021-05-18 13:42
Modified
2024-11-22 16:19
Summary
Red Hat Security Advisory: brotli security update
Notes
Topic
An update for brotli is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.
Security Fix(es):
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for brotli is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. \n\nSecurity Fix(es):\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2021:1702", url: "https://access.redhat.com/errata/RHSA-2021:1702", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1702.json", }, ], title: "Red Hat Security Advisory: brotli security update", tracking: { current_release_date: "2024-11-22T16:19:42+00:00", generator: { date: "2024-11-22T16:19:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2021:1702", initial_release_date: "2021-05-18T13:42:13+00:00", revision_history: [ { date: "2021-05-18T13:42:13+00:00", number: "1", summary: "Initial version", }, { date: "2021-05-18T13:42:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T16:19:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.aarch64", product: { name: "brotli-devel-0:1.0.6-3.el8.aarch64", product_id: "brotli-devel-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.aarch64", product: { name: "python3-brotli-0:1.0.6-3.el8.aarch64", product_id: "python3-brotli-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product_id: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_id: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.aarch64", product: { name: "brotli-0:1.0.6-3.el8.aarch64", product_id: "brotli-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le", product_id: "brotli-devel-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.ppc64le", product: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le", product_id: "python3-brotli-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product_id: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_id: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-0:1.0.6-3.el8.ppc64le", product_id: "brotli-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.i686", product: { name: "brotli-devel-0:1.0.6-3.el8.i686", product_id: "brotli-devel-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.i686", product: { name: "brotli-debugsource-0:1.0.6-3.el8.i686", product_id: "brotli-debugsource-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.i686", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686", product_id: "brotli-debuginfo-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.i686", product: { name: "brotli-0:1.0.6-3.el8.i686", product_id: "brotli-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.x86_64", product: { name: "brotli-devel-0:1.0.6-3.el8.x86_64", product_id: "brotli-devel-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.x86_64", product: { name: "python3-brotli-0:1.0.6-3.el8.x86_64", product_id: "python3-brotli-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product_id: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_id: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.x86_64", product: { name: "brotli-0:1.0.6-3.el8.x86_64", product_id: "brotli-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.s390x", product: { name: "brotli-devel-0:1.0.6-3.el8.s390x", product_id: "brotli-devel-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.s390x", product: { name: "python3-brotli-0:1.0.6-3.el8.s390x", product_id: "python3-brotli-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.s390x", product: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x", product_id: "brotli-debugsource-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product_id: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.s390x", product: { name: "brotli-0:1.0.6-3.el8.s390x", product_id: "brotli-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "brotli-0:1.0.6-3.el8.src", product: { name: "brotli-0:1.0.6-3.el8.src", product_id: "brotli-0:1.0.6-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", }, product_reference: "brotli-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", }, product_reference: "brotli-0:1.0.6-3.el8.src", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", }, product_reference: "brotli-devel-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-devel-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-devel-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", }, product_reference: "brotli-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", }, product_reference: "brotli-0:1.0.6-3.el8.src", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", }, product_reference: "brotli-devel-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-devel-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-devel-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-05-18T13:42:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:1702", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, ], }
RHSA-2022:0830
Vulnerability from csaf_redhat
Published
2022-03-10 16:05
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET 5.0 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0830", url: "https://access.redhat.com/errata/RHSA-2022:0830", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0830.json", }, ], title: "Red Hat Security Advisory: .NET 5.0 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:25+00:00", generator: { date: "2024-11-22T18:37:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0830", initial_release_date: "2022-03-10T16:05:56+00:00", revision_history: [ { date: "2022-03-10T16:05:56+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:05:56+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat CodeReady Linux Builder (v. 8)", product: { name: "Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-templates-5.0@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el8_5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "dotnet5.0-0:5.0.212-1.el8_5.src", product: { name: "dotnet5.0-0:5.0.212-1.el8_5.src", product_id: "dotnet5.0-0:5.0.212-1.el8_5.src", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0@5.0.212-1.el8_5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", }, product_reference: "dotnet5.0-0:5.0.212-1.el8_5.src", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", }, product_reference: "dotnet5.0-0:5.0.212-1.el8_5.src", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022:0830
Vulnerability from csaf_redhat
Published
2022-03-10 16:05
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET 5.0 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0830", url: "https://access.redhat.com/errata/RHSA-2022:0830", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0830.json", }, ], title: "Red Hat Security Advisory: .NET 5.0 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:25+00:00", generator: { date: "2024-11-22T18:37:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0830", initial_release_date: "2022-03-10T16:05:56+00:00", revision_history: [ { date: "2022-03-10T16:05:56+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:05:56+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat CodeReady Linux Builder (v. 8)", product: { name: "Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-templates-5.0@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_id: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.15-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.212-1.el8_5?arch=x86_64", }, }, }, { category: "product_version", name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product_id: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el8_5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "dotnet5.0-0:5.0.212-1.el8_5.src", product: { name: "dotnet5.0-0:5.0.212-1.el8_5.src", product_id: "dotnet5.0-0:5.0.212-1.el8_5.src", product_identification_helper: { purl: "pkg:rpm/redhat/dotnet5.0@5.0.212-1.el8_5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", }, product_reference: "dotnet5.0-0:5.0.212-1.el8_5.src", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "AppStream-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", }, product_reference: "dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-0:5.0.212-1.el8_5.src as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", }, product_reference: "dotnet5.0-0:5.0.212-1.el8_5.src", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", product_id: "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", }, product_reference: "dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", relates_to_product_reference: "CRB-8.5.0.Z.MAIN", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:05:56+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0830", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "AppStream-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.15-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet-templates-5.0-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-0:5.0.212-1.el8_5.src", "CRB-8.5.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.212-1.el8_5.x86_64", "CRB-8.5.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.212-1.el8_5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022_0829
Vulnerability from csaf_redhat
Published
2022-03-10 16:12
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0829", url: "https://access.redhat.com/errata/RHSA-2022:0829", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0829.json", }, ], title: "Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:32+00:00", generator: { date: "2024-11-22T18:37:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0829", initial_release_date: "2022-03-10T16:12:05+00:00", revision_history: [ { date: "2022-03-10T16:12:05+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:12:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, ], category: "product_family", name: ".NET Core on Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.417-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product_id: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022:0829
Vulnerability from csaf_redhat
Published
2022-03-10 16:12
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0829", url: "https://access.redhat.com/errata/RHSA-2022:0829", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0829.json", }, ], title: "Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:32+00:00", generator: { date: "2024-11-22T18:37:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0829", initial_release_date: "2022-03-10T16:12:05+00:00", revision_history: [ { date: "2022-03-10T16:12:05+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:12:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:3.1::el7", }, }, }, ], category: "product_family", name: ".NET Core on Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.23-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.417-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product_id: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.417-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product_id: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.417-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", }, product_reference: "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-3.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0829", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.23-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.417-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.417-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2022:0828
Vulnerability from csaf_redhat
Published
2022-03-10 16:12
Modified
2024-11-22 18:37
Summary
Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update
Notes
Topic
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0828", url: "https://access.redhat.com/errata/RHSA-2022:0828", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0828.json", }, ], title: "Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update", tracking: { current_release_date: "2024-11-22T18:37:39+00:00", generator: { date: "2024-11-22T18:37:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0828", initial_release_date: "2022-03-10T16:12:40+00:00", revision_history: [ { date: "2022-03-10T16:12:40+00:00", number: "1", summary: "Initial version", }, { date: "2022-03-10T16:12:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:37:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, { category: "product_name", name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product: { name: ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_dotnet:5.0::el7", }, }, }, ], category: "product_family", name: ".NET Core on Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.15-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.212-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product_id: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.212-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product_id: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.212-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7ComputeNode-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Server-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, { category: "default_component_of", full_product_name: { name: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", }, product_reference: "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-dotNET-5.0", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, { cve: "CVE-2022-24464", cwe: { id: "CWE-1173", name: "Improper Use of Validation Framework", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061847", }, ], notes: [ { category: "description", text: "A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: ASP.NET Denial of Service via FormPipeReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24464", }, { category: "external", summary: "RHBZ#2061847", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061847", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24464", url: "https://www.cve.org/CVERecord?id=CVE-2022-24464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24464", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: ASP.NET Denial of Service via FormPipeReader", }, { cve: "CVE-2022-24512", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061854", }, ], notes: [ { category: "description", text: "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise.", title: "Vulnerability description", }, { category: "summary", text: "dotnet: double parser stack buffer overrun", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24512", }, { category: "external", summary: "RHBZ#2061854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24512", url: "https://www.cve.org/CVERecord?id=CVE-2022-24512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24512", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", url: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512", }, ], release_date: "2022-03-08T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-03-10T16:12:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0828", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.15-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.212-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.212-1.el7_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "dotnet: double parser stack buffer overrun", }, ], }
rhsa-2021:1702
Vulnerability from csaf_redhat
Published
2021-05-18 13:42
Modified
2024-11-22 16:19
Summary
Red Hat Security Advisory: brotli security update
Notes
Topic
An update for brotli is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.
Security Fix(es):
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for brotli is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. \n\nSecurity Fix(es):\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2021:1702", url: "https://access.redhat.com/errata/RHSA-2021:1702", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", }, { category: "external", summary: "1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1702.json", }, ], title: "Red Hat Security Advisory: brotli security update", tracking: { current_release_date: "2024-11-22T16:19:42+00:00", generator: { date: "2024-11-22T16:19:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2021:1702", initial_release_date: "2021-05-18T13:42:13+00:00", revision_history: [ { date: "2021-05-18T13:42:13+00:00", number: "1", summary: "Initial version", }, { date: "2021-05-18T13:42:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T16:19:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.aarch64", product: { name: "brotli-devel-0:1.0.6-3.el8.aarch64", product_id: "brotli-devel-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.aarch64", product: { name: "python3-brotli-0:1.0.6-3.el8.aarch64", product_id: "python3-brotli-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product_id: "brotli-debugsource-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_id: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.aarch64", product: { name: "brotli-0:1.0.6-3.el8.aarch64", product_id: "brotli-0:1.0.6-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le", product_id: "brotli-devel-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.ppc64le", product: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le", product_id: "python3-brotli-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product_id: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_id: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.ppc64le", product: { name: "brotli-0:1.0.6-3.el8.ppc64le", product_id: "brotli-0:1.0.6-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.i686", product: { name: "brotli-devel-0:1.0.6-3.el8.i686", product_id: "brotli-devel-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.i686", product: { name: "brotli-debugsource-0:1.0.6-3.el8.i686", product_id: "brotli-debugsource-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.i686", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686", product_id: "brotli-debuginfo-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=i686", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.i686", product: { name: "brotli-0:1.0.6-3.el8.i686", product_id: "brotli-0:1.0.6-3.el8.i686", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.x86_64", product: { name: "brotli-devel-0:1.0.6-3.el8.x86_64", product_id: "brotli-devel-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.x86_64", product: { name: "python3-brotli-0:1.0.6-3.el8.x86_64", product_id: "python3-brotli-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product_id: "brotli-debugsource-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_id: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.x86_64", product: { name: "brotli-0:1.0.6-3.el8.x86_64", product_id: "brotli-0:1.0.6-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "brotli-devel-0:1.0.6-3.el8.s390x", product: { name: "brotli-devel-0:1.0.6-3.el8.s390x", product_id: "brotli-devel-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-devel@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "python3-brotli-0:1.0.6-3.el8.s390x", product: { name: "python3-brotli-0:1.0.6-3.el8.s390x", product_id: "python3-brotli-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-debugsource-0:1.0.6-3.el8.s390x", product: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x", product_id: "brotli-debugsource-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debugsource@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product_id: "brotli-debuginfo-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli-debuginfo@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product_id: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-brotli-debuginfo@1.0.6-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "brotli-0:1.0.6-3.el8.s390x", product: { name: "brotli-0:1.0.6-3.el8.s390x", product_id: "brotli-0:1.0.6-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "brotli-0:1.0.6-3.el8.src", product: { name: "brotli-0:1.0.6-3.el8.src", product_id: "brotli-0:1.0.6-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/brotli@1.0.6-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", }, product_reference: "brotli-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", }, product_reference: "brotli-0:1.0.6-3.el8.src", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", }, product_reference: "brotli-devel-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-devel-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-devel-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "AppStream-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", }, product_reference: "brotli-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", }, product_reference: "brotli-0:1.0.6-3.el8.src", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-debugsource-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-debugsource-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", }, product_reference: "brotli-devel-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", }, product_reference: "brotli-devel-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", }, product_reference: "brotli-devel-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "brotli-devel-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", }, product_reference: "brotli-devel-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.i686", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", relates_to_product_reference: "BaseOS-8.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", }, product_reference: "python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", relates_to_product_reference: "BaseOS-8.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2020-09-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1879225", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a \"one-shot\" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB.", title: "Vulnerability description", }, { category: "summary", text: "brotli: buffer overflow when input chunk is larger than 2GiB", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "RHBZ#1879225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8927", url: "https://www.cve.org/CVERecord?id=CVE-2020-8927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, ], release_date: "2020-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-05-18T13:42:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:1702", }, { category: "workaround", details: "This flaw can be mitigated by using Streaming API instead of the One-Shot API and imposing chunk size limitations.", product_ids: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "AppStream-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "AppStream-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.src", "BaseOS-8.4.0.GA:brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debuginfo-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-debugsource-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:brotli-devel-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-0:1.0.6-3.el8.x86_64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.aarch64", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.i686", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.ppc64le", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.s390x", "BaseOS-8.4.0.GA:python3-brotli-debuginfo-0:1.0.6-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "brotli: buffer overflow when input chunk is larger than 2GiB", }, ], }
opensuse-su-2020:1578-1
Vulnerability from csaf_opensuse
Published
2020-09-29 18:12
Modified
2020-09-29 18:12
Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
brotli was updated to 1.0.9:
* CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB [boo#1175825]
* `brotli -v` now reports raw / compressed size
* decoder: minor speed / memory usage improvements
* encoder: fix rare access to uninitialized data in ring-buffer
Patchnames
openSUSE-2020-1578
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for brotli", title: "Title of the patch", }, { category: "description", text: "This update for brotli fixes the following issues:\n\nbrotli was updated to 1.0.9:\n\n* CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB [boo#1175825]\n* `brotli -v` now reports raw / compressed size\n* decoder: minor speed / memory usage improvements\n* encoder: fix rare access to uninitialized data in ring-buffer\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-1578", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1578-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:1578-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/25MTVVM73V6W35S5ZGOBWISPZIE3DXIJ/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:1578-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/25MTVVM73V6W35S5ZGOBWISPZIE3DXIJ/", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for brotli", tracking: { current_release_date: "2020-09-29T18:12:59Z", generator: { date: "2020-09-29T18:12:59Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:1578-1", initial_release_date: "2020-09-29T18:12:59Z", revision_history: [ { date: "2020-09-29T18:12:59Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "brotli-1.0.9-lp152.2.3.1.i586", product: { name: "brotli-1.0.9-lp152.2.3.1.i586", product_id: "brotli-1.0.9-lp152.2.3.1.i586", }, }, { category: "product_version", name: "libbrotli-devel-1.0.9-lp152.2.3.1.i586", product: { name: "libbrotli-devel-1.0.9-lp152.2.3.1.i586", product_id: "libbrotli-devel-1.0.9-lp152.2.3.1.i586", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.9-lp152.2.3.1.i586", product: { name: "libbrotlicommon1-1.0.9-lp152.2.3.1.i586", product_id: "libbrotlicommon1-1.0.9-lp152.2.3.1.i586", }, }, { category: "product_version", name: "libbrotlidec1-1.0.9-lp152.2.3.1.i586", product: { name: "libbrotlidec1-1.0.9-lp152.2.3.1.i586", product_id: "libbrotlidec1-1.0.9-lp152.2.3.1.i586", }, }, { category: "product_version", name: "libbrotlienc1-1.0.9-lp152.2.3.1.i586", product: { name: "libbrotlienc1-1.0.9-lp152.2.3.1.i586", product_id: "libbrotlienc1-1.0.9-lp152.2.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "brotli-1.0.9-lp152.2.3.1.x86_64", product: { name: "brotli-1.0.9-lp152.2.3.1.x86_64", product_id: "brotli-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", product: { name: "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", product_id: "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "brotli-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586", }, product_reference: "brotli-1.0.9-lp152.2.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "brotli-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "brotli-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586", }, product_reference: "libbrotli-devel-1.0.9-lp152.2.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586", }, product_reference: "libbrotlicommon1-1.0.9-lp152.2.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586", }, product_reference: "libbrotlidec1-1.0.9-lp152.2.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.9-lp152.2.3.1.i586 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586", }, product_reference: "libbrotlienc1-1.0.9-lp152.2.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", }, product_reference: "libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlidec1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlidec1-32bit-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.i586", "openSUSE Leap 15.2:libbrotlienc1-1.0.9-lp152.2.3.1.x86_64", "openSUSE Leap 15.2:libbrotlienc1-32bit-1.0.9-lp152.2.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T18:12:59Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
opensuse-su-2024:11708-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
cargo-audit-advisory-db-20220105-1.1 on GA media
Notes
Title of the patch
cargo-audit-advisory-db-20220105-1.1 on GA media
Description of the patch
These are all security issues fixed in the cargo-audit-advisory-db-20220105-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11708
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "cargo-audit-advisory-db-20220105-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the cargo-audit-advisory-db-20220105-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11708", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11708-1.json", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "cargo-audit-advisory-db-20220105-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11708-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "cargo-audit-advisory-db-20220105-1.1.aarch64", product: { name: "cargo-audit-advisory-db-20220105-1.1.aarch64", product_id: "cargo-audit-advisory-db-20220105-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "cargo-audit-advisory-db-20220105-1.1.ppc64le", product: { name: "cargo-audit-advisory-db-20220105-1.1.ppc64le", product_id: "cargo-audit-advisory-db-20220105-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "cargo-audit-advisory-db-20220105-1.1.s390x", product: { name: "cargo-audit-advisory-db-20220105-1.1.s390x", product_id: "cargo-audit-advisory-db-20220105-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "cargo-audit-advisory-db-20220105-1.1.x86_64", product: { name: "cargo-audit-advisory-db-20220105-1.1.x86_64", product_id: "cargo-audit-advisory-db-20220105-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "cargo-audit-advisory-db-20220105-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64", }, product_reference: "cargo-audit-advisory-db-20220105-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "cargo-audit-advisory-db-20220105-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le", }, product_reference: "cargo-audit-advisory-db-20220105-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "cargo-audit-advisory-db-20220105-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x", }, product_reference: "cargo-audit-advisory-db-20220105-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "cargo-audit-advisory-db-20220105-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64", }, product_reference: "cargo-audit-advisory-db-20220105-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.aarch64", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.ppc64le", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.s390x", "openSUSE Tumbleweed:cargo-audit-advisory-db-20220105-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
opensuse-su-2021:3942-1
Vulnerability from csaf_opensuse
Published
2021-12-06 13:46
Modified
2021-12-06 13:46
Summary
Security update for brotli
Notes
Title of the patch
Security update for brotli
Description of the patch
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Patchnames
openSUSE-SLE-15.3-2021-3942
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for brotli", title: "Title of the patch", }, { category: "description", text: "This update for brotli fixes the following issues:\n\n- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-SLE-15.3-2021-3942", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3942-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:3942-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EBYPFIZJBUFNGB65ETC2USVDXZRAANZW/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:3942-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EBYPFIZJBUFNGB65ETC2USVDXZRAANZW/", }, { category: "self", summary: "SUSE Bug 1175825", url: "https://bugzilla.suse.com/1175825", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "Security update for brotli", tracking: { current_release_date: "2021-12-06T13:46:28Z", generator: { date: "2021-12-06T13:46:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:3942-1", initial_release_date: "2021-12-06T13:46:28Z", revision_history: [ { date: "2021-12-06T13:46:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.aarch64", product: { name: "brotli-1.0.7-3.3.1.aarch64", product_id: "brotli-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.aarch64", product: { name: "libbrotli-devel-1.0.7-3.3.1.aarch64", product_id: "libbrotli-devel-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.aarch64", product: { name: "libbrotlicommon1-1.0.7-3.3.1.aarch64", product_id: "libbrotlicommon1-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.aarch64", product: { name: "libbrotlidec1-1.0.7-3.3.1.aarch64", product_id: "libbrotlidec1-1.0.7-3.3.1.aarch64", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.aarch64", product: { name: "libbrotlienc1-1.0.7-3.3.1.aarch64", product_id: "libbrotlienc1-1.0.7-3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.ppc64le", product: { name: "brotli-1.0.7-3.3.1.ppc64le", product_id: "brotli-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.ppc64le", product: { name: "libbrotli-devel-1.0.7-3.3.1.ppc64le", product_id: "libbrotli-devel-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", product: { name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", product_id: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.ppc64le", product: { name: "libbrotlidec1-1.0.7-3.3.1.ppc64le", product_id: "libbrotlidec1-1.0.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.ppc64le", product: { name: "libbrotlienc1-1.0.7-3.3.1.ppc64le", product_id: "libbrotlienc1-1.0.7-3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.s390x", product: { name: "brotli-1.0.7-3.3.1.s390x", product_id: "brotli-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.s390x", product: { name: "libbrotli-devel-1.0.7-3.3.1.s390x", product_id: "libbrotli-devel-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.s390x", product: { name: "libbrotlicommon1-1.0.7-3.3.1.s390x", product_id: "libbrotlicommon1-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.s390x", product: { name: "libbrotlidec1-1.0.7-3.3.1.s390x", product_id: "libbrotlidec1-1.0.7-3.3.1.s390x", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.s390x", product: { name: "libbrotlienc1-1.0.7-3.3.1.s390x", product_id: "libbrotlienc1-1.0.7-3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "brotli-1.0.7-3.3.1.x86_64", product: { name: "brotli-1.0.7-3.3.1.x86_64", product_id: "brotli-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotli-devel-1.0.7-3.3.1.x86_64", product: { name: "libbrotli-devel-1.0.7-3.3.1.x86_64", product_id: "libbrotli-devel-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlicommon1-1.0.7-3.3.1.x86_64", product: { name: "libbrotlicommon1-1.0.7-3.3.1.x86_64", product_id: "libbrotlicommon1-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", product: { name: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", product_id: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlidec1-1.0.7-3.3.1.x86_64", product: { name: "libbrotlidec1-1.0.7-3.3.1.x86_64", product_id: "libbrotlidec1-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", product: { name: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", product_id: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlienc1-1.0.7-3.3.1.x86_64", product: { name: "libbrotlienc1-1.0.7-3.3.1.x86_64", product_id: "libbrotlienc1-1.0.7-3.3.1.x86_64", }, }, { category: "product_version", name: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", product: { name: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", product_id: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "brotli-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64", }, product_reference: "brotli-1.0.7-3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "brotli-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le", }, product_reference: "brotli-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "brotli-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x", }, product_reference: "brotli-1.0.7-3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "brotli-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64", }, product_reference: "brotli-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotli-devel-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotli-devel-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlicommon1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlidec1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlienc1-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", }, product_reference: "libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:brotli-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlidec1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlidec1-32bit-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.aarch64", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.ppc64le", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.s390x", "openSUSE Leap 15.3:libbrotlienc1-1.0.7-3.3.1.x86_64", "openSUSE Leap 15.3:libbrotlienc1-32bit-1.0.7-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-06T13:46:28Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
opensuse-su-2024:13224-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python310-Brotli-1.1.0-1.1 on GA media
Notes
Title of the patch
python310-Brotli-1.1.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-Brotli-1.1.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13224
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "python310-Brotli-1.1.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the python310-Brotli-1.1.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13224", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13224-1.json", }, { category: "self", summary: "SUSE CVE CVE-2020-8927 page", url: "https://www.suse.com/security/cve/CVE-2020-8927/", }, ], title: "python310-Brotli-1.1.0-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13224-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python310-Brotli-1.1.0-1.1.aarch64", product: { name: "python310-Brotli-1.1.0-1.1.aarch64", product_id: "python310-Brotli-1.1.0-1.1.aarch64", }, }, { category: "product_version", name: "python311-Brotli-1.1.0-1.1.aarch64", product: { name: "python311-Brotli-1.1.0-1.1.aarch64", product_id: "python311-Brotli-1.1.0-1.1.aarch64", }, }, { category: "product_version", name: "python39-Brotli-1.1.0-1.1.aarch64", product: { name: "python39-Brotli-1.1.0-1.1.aarch64", product_id: "python39-Brotli-1.1.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python310-Brotli-1.1.0-1.1.ppc64le", product: { name: "python310-Brotli-1.1.0-1.1.ppc64le", product_id: "python310-Brotli-1.1.0-1.1.ppc64le", }, }, { category: "product_version", name: "python311-Brotli-1.1.0-1.1.ppc64le", product: { name: "python311-Brotli-1.1.0-1.1.ppc64le", product_id: "python311-Brotli-1.1.0-1.1.ppc64le", }, }, { category: "product_version", name: "python39-Brotli-1.1.0-1.1.ppc64le", product: { name: "python39-Brotli-1.1.0-1.1.ppc64le", product_id: "python39-Brotli-1.1.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python310-Brotli-1.1.0-1.1.s390x", product: { name: "python310-Brotli-1.1.0-1.1.s390x", product_id: "python310-Brotli-1.1.0-1.1.s390x", }, }, { category: "product_version", name: "python311-Brotli-1.1.0-1.1.s390x", product: { name: "python311-Brotli-1.1.0-1.1.s390x", product_id: "python311-Brotli-1.1.0-1.1.s390x", }, }, { category: "product_version", name: "python39-Brotli-1.1.0-1.1.s390x", product: { name: "python39-Brotli-1.1.0-1.1.s390x", product_id: "python39-Brotli-1.1.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python310-Brotli-1.1.0-1.1.x86_64", product: { name: "python310-Brotli-1.1.0-1.1.x86_64", product_id: "python310-Brotli-1.1.0-1.1.x86_64", }, }, { category: "product_version", name: "python311-Brotli-1.1.0-1.1.x86_64", product: { name: "python311-Brotli-1.1.0-1.1.x86_64", product_id: "python311-Brotli-1.1.0-1.1.x86_64", }, }, { category: "product_version", name: "python39-Brotli-1.1.0-1.1.x86_64", product: { name: "python39-Brotli-1.1.0-1.1.x86_64", product_id: "python39-Brotli-1.1.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python310-Brotli-1.1.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64", }, product_reference: "python310-Brotli-1.1.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Brotli-1.1.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le", }, product_reference: "python310-Brotli-1.1.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Brotli-1.1.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x", }, product_reference: "python310-Brotli-1.1.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Brotli-1.1.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64", }, product_reference: "python310-Brotli-1.1.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Brotli-1.1.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64", }, product_reference: "python311-Brotli-1.1.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Brotli-1.1.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le", }, product_reference: "python311-Brotli-1.1.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Brotli-1.1.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x", }, product_reference: "python311-Brotli-1.1.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Brotli-1.1.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64", }, product_reference: "python311-Brotli-1.1.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Brotli-1.1.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64", }, product_reference: "python39-Brotli-1.1.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Brotli-1.1.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le", }, product_reference: "python39-Brotli-1.1.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Brotli-1.1.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x", }, product_reference: "python39-Brotli-1.1.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Brotli-1.1.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64", }, product_reference: "python39-Brotli-1.1.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8927", }, ], notes: [ { category: "general", text: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8927", url: "https://www.suse.com/security/cve/CVE-2020-8927", }, { category: "external", summary: "SUSE Bug 1175825 for CVE-2020-8927", url: "https://bugzilla.suse.com/1175825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python310-Brotli-1.1.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python311-Brotli-1.1.0-1.1.x86_64", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.aarch64", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.ppc64le", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.s390x", "openSUSE Tumbleweed:python39-Brotli-1.1.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-8927", }, ], }
var-202009-1442
Vulnerability from variot
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Brotli A classic buffer overflow vulnerability exists in the library.Information is tampered with and denial of service (DoS) It may be put into a state.
For the stable distribution (buster), this problem has been fixed in version 1.0.7-2+deb10u1.
We recommend that you upgrade your brotli packages.
For the detailed security status of brotli please refer to its security tracker page at: https://security-tracker.debian.org/tracker/brotli
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/GuhkACgkQEMKTtsN8 TjZ68A/9ED9ToGA8pwsL99uHc4FA6EBIKzPDIz4I649PTvrKi8wpfa6RqrcfhcCE xfOx4+PiYaUqOnAy02O0cbkvzQvcGIVlrIxJ0v4/QFAbiuX5Gy/q9b3ZkHsIRybK +PywHjHEKBqwR9vetV1xYM8s4Smh6iwH+UjHxt9E0/KEHWQF17N094yubtrIJrDf irZDMFnXYCeWRrAZH5rwB6Be6X0nQri3WF9vcdBK61vktSv+iTVklCNbIKrQr1p8 SHPIlUBIp/LjeHaSq+ZNYzSwg1LVtGKqwlvWaRbiBY3Uf5VYyXVKRL7m8WDR7ozu GnfIpBnfttx2sptBAAq8OFx9hmzFEGVSfNy5sXbhb9HoUjX2URUUzN+1z71Da6Tz XrMgJlJ9YQrDAV0dpakztVdSbWV9Ub3bS3Jth3L42dsJGA7qyfs3KmsnkNJj5x3L dHQl6VZRxvUpsHE9zyKAN/rnPyvcrloZ04qxWtJKcvR113mFTlehKDTNjWzCnSic Knzzl/ArWjyNFQ+1kNwXbMSSIOvgBHYSwQI8rqjvaR33jk+P1Mt41VRzdwmT6t5c 4c85j18OrBdAfu1E7Fqy3MAeZq7dRR0prQzVAvxzUXgu/4G8nCvRbW6MDt2scnR0 BYT1fKy//PWHKdNzOMdjbE6Ab6rX0DbaNfHgpjsD2r0VYSv7W/E= =mzSF -----END PGP SIGNATURE----- . 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Description:
Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0829-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0829 Issue date: 2022-03-10 CVE Names: CVE-2020-8927 CVE-2022-24464 CVE-2022-24512 =====================================================================
- Summary:
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYippStzjgjWX9erEAQhIVQ/+KaWuTu5qx9aBrzo+gGMJbE0ldm+qAon9 x641a4Usu0ZC3y+DWhRCkM2hCHbxKIXg8WhLJ/GN2/VfAQwVRIt/YwOVarRkGuFF xb3YQ5LpA2iQcZ/QcwSobe3MeoJrTiXhq1hENEnkspELV08/q5EOKrvnvKVM7t96 pwK88Ry7lq5iYF9y0tHd38IunXAGVUQaNq2GJ54xFhvVmaNNDa4R8wvRJ0e/IhS0 VyIrtjktZCYyAKPmf/OqcPsVI6WueYSPU/W9jRU7z69JOBvqN1i1ZUnfIgaMPMVg VliTB5Z4fFJ1t1DTCH98iPHgUdxy5FBrbIEx0EIZSVDHs/WO3PXmI+x9H1kihSTV 9hmSZ5aX2bngR9oGqMemsFoa0kZGiGzHNJ+WRP6CPK1lJA+cSMnwTv0LBLrElAS0 m+OhpVoXOl1pS8yB9MdJpjNuv+hkIxiwdR056glF2/CdJUimDsIV+R5349/j51u1 iqPu7hsaoOGOl8U1qIfINtw9GNnImDw6EGpyxIdn8I4C3Z66TYYkfL0VKSODUxfm r/Ngyhhgud6Q5cyps4KH/TzKPwTEOyzpx4a8ehVbvRtN8HkdevZlDoFNBCT41uKJ Lpk32YK2TBvsNYYMvxoTYAVXW95jPFcexVT1ElYfnKbXmiMYMXhFKavpq5NaUOrD vbL/opMlrgQ= =vceG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
Security Fix(es):
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Solution:
See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.8/html/serverless/index
- Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1442", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "33", }, { model: "visual studio 2019", scope: "lte", trust: 1, vendor: "microsoft", version: "16.11", }, { model: ".net core", scope: "gte", trust: 1, vendor: "microsoft", version: "3.1", }, { model: "powershell", scope: "gte", trust: 1, vendor: "microsoft", version: "7.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "31", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: ".net", scope: "gte", trust: 1, vendor: "microsoft", version: "5.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "35", }, { model: "powershell", scope: "lt", trust: 1, vendor: "microsoft", version: "7.2.2", }, { model: "visual studio 2019", scope: "gte", trust: 1, vendor: "microsoft", version: "16.0", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.0", }, { model: "visual studio 2022", scope: "eq", trust: 1, vendor: "microsoft", version: "17.1", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "18.04", }, { model: "powershell", scope: "gte", trust: 1, vendor: "microsoft", version: "7.1", }, { model: "leap", scope: "eq", trust: 1, vendor: "opensuse", version: "15.2", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "36", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "16.04", }, { model: "powershell", scope: "lt", trust: 1, vendor: "microsoft", version: "7.0.9", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "34", }, { model: "powershell", scope: "lt", trust: 1, vendor: "microsoft", version: "7.1.6", }, { model: "brotli", scope: "lt", trust: 1, vendor: "google", version: "1.0.8", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "20.04", }, { model: "visual studio 2022", scope: "lte", trust: 1, vendor: "microsoft", version: "17.0.7", }, { model: ".net", scope: "lte", trust: 1, vendor: "microsoft", version: "5.0.14", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "32", }, { model: ".net core", scope: "lte", trust: 1, vendor: "microsoft", version: "3.1.22", }, { model: "powershell", scope: "gte", trust: 1, vendor: "microsoft", version: "7.2", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "brotli", scope: "eq", trust: 0.8, vendor: "google", version: null, }, { model: "brotli", scope: "lt", trust: 0.8, vendor: "google", version: "1.0.8 less than", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "NVD", id: "CVE-2020-8927", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "162688", }, { db: "PACKETSTORM", id: "163188", }, { db: "PACKETSTORM", id: "163257", }, { db: "PACKETSTORM", id: "163496", }, { db: "PACKETSTORM", id: "166269", }, { db: "PACKETSTORM", id: "166267", }, { db: "PACKETSTORM", id: "164192", }, ], trust: 0.7, }, cve: "CVE-2020-8927", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2020-8927", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2020-8927", impactScore: 2.5, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve-coordination@google.com", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2020-8927", impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2020-8927", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-8927", trust: 1, value: "MEDIUM", }, { author: "cve-coordination@google.com", id: "CVE-2020-8927", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2020-8927", trust: 0.8, value: "Medium", }, { author: "VULMON", id: "CVE-2020-8927", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2020-8927", }, { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "NVD", id: "CVE-2020-8927", }, { db: "NVD", id: "CVE-2020-8927", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits. Brotli A classic buffer overflow vulnerability exists in the library.Information is tampered with and denial of service (DoS) It may be put into a state. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.0.7-2+deb10u1. \n\nWe recommend that you upgrade your brotli packages. \n\nFor the detailed security status of brotli please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/brotli\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/GuhkACgkQEMKTtsN8\nTjZ68A/9ED9ToGA8pwsL99uHc4FA6EBIKzPDIz4I649PTvrKi8wpfa6RqrcfhcCE\nxfOx4+PiYaUqOnAy02O0cbkvzQvcGIVlrIxJ0v4/QFAbiuX5Gy/q9b3ZkHsIRybK\n+PywHjHEKBqwR9vetV1xYM8s4Smh6iwH+UjHxt9E0/KEHWQF17N094yubtrIJrDf\nirZDMFnXYCeWRrAZH5rwB6Be6X0nQri3WF9vcdBK61vktSv+iTVklCNbIKrQr1p8\nSHPIlUBIp/LjeHaSq+ZNYzSwg1LVtGKqwlvWaRbiBY3Uf5VYyXVKRL7m8WDR7ozu\nGnfIpBnfttx2sptBAAq8OFx9hmzFEGVSfNy5sXbhb9HoUjX2URUUzN+1z71Da6Tz\nXrMgJlJ9YQrDAV0dpakztVdSbWV9Ub3bS3Jth3L42dsJGA7qyfs3KmsnkNJj5x3L\ndHQl6VZRxvUpsHE9zyKAN/rnPyvcrloZ04qxWtJKcvR113mFTlehKDTNjWzCnSic\nKnzzl/ArWjyNFQ+1kNwXbMSSIOvgBHYSwQI8rqjvaR33jk+P1Mt41VRzdwmT6t5c\n4c85j18OrBdAfu1E7Fqy3MAeZq7dRR0prQzVAvxzUXgu/4G8nCvRbW6MDt2scnR0\nBYT1fKy//PWHKdNzOMdjbE6Ab6rX0DbaNfHgpjsD2r0VYSv7W/E=\n=mzSF\n-----END PGP SIGNATURE-----\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nBrotli is a generic-purpose lossless compression algorithm that compresses\ndata using a combination of a modern variant of the LZ77 algorithm, Huffman\ncoding and 2nd order context modeling, with a compression ratio comparable\nto the best currently available general-purpose compression methods. It is\nsimilar in speed with deflate but offers more dense compression. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 General\nAvailability\nrelease images, which fix several bugs and security issues. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole—with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nWindows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:0829-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0829\nIssue date: 2022-03-10\nCVE Names: CVE-2020-8927 CVE-2022-24464 CVE-2022-24512 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 3.1.417 and .NET Runtime\n3.1.23. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB\n(CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB\n2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader\n2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2022-24464\nhttps://access.redhat.com/security/cve/CVE-2022-24512\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippStzjgjWX9erEAQhIVQ/+KaWuTu5qx9aBrzo+gGMJbE0ldm+qAon9\nx641a4Usu0ZC3y+DWhRCkM2hCHbxKIXg8WhLJ/GN2/VfAQwVRIt/YwOVarRkGuFF\nxb3YQ5LpA2iQcZ/QcwSobe3MeoJrTiXhq1hENEnkspELV08/q5EOKrvnvKVM7t96\npwK88Ry7lq5iYF9y0tHd38IunXAGVUQaNq2GJ54xFhvVmaNNDa4R8wvRJ0e/IhS0\nVyIrtjktZCYyAKPmf/OqcPsVI6WueYSPU/W9jRU7z69JOBvqN1i1ZUnfIgaMPMVg\nVliTB5Z4fFJ1t1DTCH98iPHgUdxy5FBrbIEx0EIZSVDHs/WO3PXmI+x9H1kihSTV\n9hmSZ5aX2bngR9oGqMemsFoa0kZGiGzHNJ+WRP6CPK1lJA+cSMnwTv0LBLrElAS0\nm+OhpVoXOl1pS8yB9MdJpjNuv+hkIxiwdR056glF2/CdJUimDsIV+R5349/j51u1\niqPu7hsaoOGOl8U1qIfINtw9GNnImDw6EGpyxIdn8I4C3Z66TYYkfL0VKSODUxfm\nr/Ngyhhgud6Q5cyps4KH/TzKPwTEOyzpx4a8ehVbvRtN8HkdevZlDoFNBCT41uKJ\nLpk32YK2TBvsNYYMvxoTYAVXW95jPFcexVT1ElYfnKbXmiMYMXhFKavpq5NaUOrD\nvbL/opMlrgQ=\n=vceG\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Solution:\n\nSee the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.8/html/serverless/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5", sources: [ { db: "NVD", id: "CVE-2020-8927", }, { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "VULMON", id: "CVE-2020-8927", }, { db: "PACKETSTORM", id: "168947", }, { db: "PACKETSTORM", id: "162688", }, { db: "PACKETSTORM", id: "163188", }, { db: "PACKETSTORM", id: "163257", }, { db: "PACKETSTORM", id: "163496", }, { db: "PACKETSTORM", id: "166269", }, { db: "PACKETSTORM", id: "166267", }, { db: "PACKETSTORM", id: "164192", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-8927", trust: 2.7, }, { db: "JVNDB", id: "JVNDB-2020-011334", trust: 0.8, }, { db: "VULMON", id: "CVE-2020-8927", trust: 0.1, }, { db: "PACKETSTORM", id: "168947", trust: 0.1, }, { db: "PACKETSTORM", id: "162688", trust: 0.1, }, { db: "PACKETSTORM", id: "163188", trust: 0.1, }, { db: "PACKETSTORM", id: "163257", trust: 0.1, }, { db: "PACKETSTORM", id: "163496", trust: 0.1, }, { db: "PACKETSTORM", id: "166269", trust: 0.1, }, { db: "PACKETSTORM", id: "166267", trust: 0.1, }, { db: "PACKETSTORM", id: "164192", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2020-8927", }, { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "PACKETSTORM", id: "168947", }, { db: "PACKETSTORM", id: "162688", }, { db: "PACKETSTORM", id: "163188", }, { db: "PACKETSTORM", id: "163257", }, { db: "PACKETSTORM", id: "163496", }, { db: "PACKETSTORM", id: "166269", }, { db: "PACKETSTORM", id: "166267", }, { db: "PACKETSTORM", id: "164192", }, { db: "NVD", id: "CVE-2020-8927", }, ], }, id: "VAR-202009-1442", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.19172932, }, last_update_date: "2024-11-29T22:30:24.749000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "v1.0.9", trust: 0.8, url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { title: "Debian Security Advisories: DSA-4801-1 brotli -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7570b9060b84ef3d6e40a2c027a64477", }, { title: "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220829 - Security Advisory", }, { title: "Red Hat: Important: .NET Core 3.1 security and bugfix update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220827 - Security Advisory", }, { title: "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220828 - Security Advisory", }, { title: "Red Hat: Important: .NET 5.0 security and bugfix update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220830 - Security Advisory", }, { title: "Arch Linux Advisories: [ASA-202009-13] brotli: denial of service", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202009-13", }, { title: "Arch Linux Advisories: [ASA-202009-12] lib32-brotli: denial of service", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202009-12", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-8927 log", }, { title: "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220056 - Security Advisory", }, { title: "CloudGuard-ShiftLeft-CICD-AWS", trust: 0.1, url: "https://github.com/jaydenaung/CloudGuard-ShiftLeft-CICD-AWS ", }, ], sources: [ { db: "VULMON", id: "CVE-2020-8927", }, { db: "JVNDB", id: "JVNDB-2020-011334", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-130", trust: 1, }, { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "NVD", id: "CVE-2020-8927", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8927", }, { trust: 1.2, url: "https://www.debian.org/security/2020/dsa-4801", }, { trust: 1.1, url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { trust: 1.1, url: "https://usn.ubuntu.com/4568-1/", }, { trust: 1.1, url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w23cuadgmvmqqnfkhphxvp7rpzjznn6i/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/j4e265wkwkymk2ryysixbegztdy5iqe6/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356joytww4bwsz42seflv7nyhl3s3aeh/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ww62ozey2ghjl4jcoljrbsretxdhmwrk/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m4vcdojgl6bk3hb4xrd2wetbpyx2itf6/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mmbkacmlsrx7jjskbtr35uoep2wfr6qp/", }, { trust: 0.7, url: "https://access.redhat.com/security/cve/cve-2020-8927", }, { trust: 0.7, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.7, url: "https://bugzilla.redhat.com/):", }, { trust: 0.7, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.5, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-8286", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-28196", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-15358", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15358", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-14502", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-13434", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-8231", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-29362", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13434", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2017-14502", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-8285", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2016-10228", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2019-9169", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25013", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-29361", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9169", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2021-3326", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2019-25013", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2019-2708", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-29363", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-2708", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2016-10228", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-8284", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-27618", }, { trust: 0.3, url: "https://access.redhat.com/articles/11258", }, { trust: 0.3, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13776", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2019-3842", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-13776", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-24977", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2021-27219", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2019-3842", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-29362", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8284", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8285", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8286", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-27618", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3326", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-29363", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8231", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-29361", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-28196", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-20305", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27219", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20305", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-3449", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-3450", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24977", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27918", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/openshift_container_platform/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-31525", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-31525", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-27918", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-33196", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33196", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-24512", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-24464", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-24464", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-24512", }, { trust: 0.2, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mmbkacmlsrx7jjskbtr35uoep2wfr6qp/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ww62ozey2ghjl4jcoljrbsretxdhmwrk/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m4vcdojgl6bk3hb4xrd2wetbpyx2itf6/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/j4e265wkwkymk2ryysixbegztdy5iqe6/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w23cuadgmvmqqnfkhphxvp7rpzjznn6i/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356joytww4bwsz42seflv7nyhl3s3aeh/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-8927", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/brotli", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:1702", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25039", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-21639", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12364", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-28165", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-28092", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25037", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25037", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12363", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-10878", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24330", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-28935", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-28163", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25034", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25035", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-14866", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-26116", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25038", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-14866", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-26137", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-21309", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25040", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-21640", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-28918", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-24330", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3543", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25042", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3501", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25042", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12362", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-25648", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25038", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25032", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25041", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-8648", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25036", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25032", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-27619", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-27170", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-25215", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3177", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-24331", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-25692", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25036", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25035", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-23336", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2433", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10543", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3347", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12362", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12363", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-24332", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3114", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-28362", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-10543", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25039", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-25040", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12364", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10878", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25041", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2461", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-25034", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-25736", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3450", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2130", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.7/windows_containers/window", }, { trust: 0.1, url: "https://issues.jboss.org/):", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-25736", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3449", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2705", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:0828", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:0829", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3537", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27218", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3520", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33197", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33198", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33198", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-27218", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-34558", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:3556", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3516", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33197", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20271", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3518", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3517", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3421", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-20271", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3703", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3541", }, ], sources: [ { db: "VULMON", id: "CVE-2020-8927", }, { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "PACKETSTORM", id: "168947", }, { db: "PACKETSTORM", id: "162688", }, { db: "PACKETSTORM", id: "163188", }, { db: "PACKETSTORM", id: "163257", }, { db: "PACKETSTORM", id: "163496", }, { db: "PACKETSTORM", id: "166269", }, { db: "PACKETSTORM", id: "166267", }, { db: "PACKETSTORM", id: "164192", }, { db: "NVD", id: "CVE-2020-8927", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2020-8927", }, { db: "JVNDB", id: "JVNDB-2020-011334", }, { db: "PACKETSTORM", id: "168947", }, { db: "PACKETSTORM", id: "162688", }, { db: "PACKETSTORM", id: "163188", }, { db: "PACKETSTORM", id: "163257", }, { db: "PACKETSTORM", id: "163496", }, { db: "PACKETSTORM", id: "166269", }, { db: "PACKETSTORM", id: "166267", }, { db: "PACKETSTORM", id: "164192", }, { db: "NVD", id: "CVE-2020-8927", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-15T00:00:00", db: "VULMON", id: "CVE-2020-8927", }, { date: "2021-03-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-011334", }, { date: "2020-12-28T20:12:00", db: "PACKETSTORM", id: "168947", }, { date: "2021-05-19T14:17:57", db: "PACKETSTORM", id: "162688", }, { date: "2021-06-17T17:53:22", db: "PACKETSTORM", id: "163188", }, { date: "2021-06-23T15:44:15", db: "PACKETSTORM", id: "163257", }, { date: "2021-07-14T15:02:07", db: "PACKETSTORM", id: "163496", }, { date: "2022-03-11T16:33:04", db: "PACKETSTORM", id: "166269", }, { date: "2022-03-11T16:31:42", db: "PACKETSTORM", id: "166267", }, { date: "2021-09-17T16:04:56", db: "PACKETSTORM", id: "164192", }, { date: "2020-09-15T10:15:12.887000", db: "NVD", id: "CVE-2020-8927", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-22T00:00:00", db: "VULMON", id: "CVE-2020-8927", }, { date: "2021-03-29T06:34:00", db: "JVNDB", id: "JVNDB-2020-011334", }, { date: "2024-11-21T05:39:41.370000", db: "NVD", id: "CVE-2020-8927", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Brotli Classic buffer overflow vulnerability in library", sources: [ { db: "JVNDB", id: "JVNDB-2020-011334", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "overflow", sources: [ { db: "PACKETSTORM", id: "168947", }, { db: "PACKETSTORM", id: "162688", }, { db: "PACKETSTORM", id: "163188", }, { db: "PACKETSTORM", id: "166269", }, { db: "PACKETSTORM", id: "166267", }, ], trust: 0.5, }, }
ghsa-5v8v-66v8-mwm7
Vulnerability from github
Published
2022-05-24 17:28
Modified
2024-09-16 13:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
Integer overflow in the bundled Brotli C library
Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
{ affected: [ { package: { ecosystem: "crates.io", name: "compu-brotli-sys", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.0.9", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-arm", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-arm64", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-arm64", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-x64", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.osx-x64", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-arm", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-arm64", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-x64", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-x86", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.1.23", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-arm", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-arm64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.osx-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.browser-wasm", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-arm", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-arm64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-arm", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-arm64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.osx-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-arm", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-arm64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-x64", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-x86", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.0.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.browser-wasm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.linux-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.osx-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.osx-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.win-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.Mono.win-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-musl-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.linux-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.osx-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.osx-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-arm", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-arm64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-x64", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "Microsoft.NETCore.App.Runtime.win-x86", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "PyPI", name: "brotli", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.0.8", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2020-8927", ], database_specific: { cwe_ids: [ "CWE-120", ], github_reviewed: true, github_reviewed_at: "2022-06-16T23:47:42Z", nvd_published_at: "2020-09-15T10:15:00Z", severity: "MODERATE", }, details: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", id: "GHSA-5v8v-66v8-mwm7", modified: "2024-09-16T13:48:46Z", published: "2022-05-24T17:28:21Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", }, { type: "WEB", url: "https://github.com/bitemyapp/brotli2-rs/issues/45", }, { type: "WEB", url: "https://github.com/github/advisory-database/issues/785", }, { type: "WEB", url: "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6", }, { type: "WEB", url: "https://www.debian.org/security/2020/dsa-4801", }, { type: "WEB", url: "https://usn.ubuntu.com/4568-1", }, { type: "WEB", url: "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", }, { type: "WEB", url: "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { type: "WEB", url: "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml", }, { type: "WEB", url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { type: "WEB", url: "https://github.com/google/brotli/releases/tag/v1.0.8", }, { type: "PACKAGE", url: "https://github.com/bitemyapp/brotli2-rs", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Integer overflow in the bundled Brotli C library", }
gsd-2020-8927
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-8927", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", id: "GSD-2020-8927", references: [ "https://www.suse.com/security/cve/CVE-2020-8927.html", "https://www.debian.org/security/2020/dsa-4801", "https://access.redhat.com/errata/RHSA-2021:1702", "https://access.redhat.com/errata/RHSA-2022:0830", "https://access.redhat.com/errata/RHSA-2022:0829", "https://access.redhat.com/errata/RHSA-2022:0828", "https://access.redhat.com/errata/RHSA-2022:0827", "https://ubuntu.com/security/CVE-2020-8927", "https://advisories.mageia.org/CVE-2020-8927.html", "https://security.archlinux.org/CVE-2020-8927", "https://linux.oracle.com/cve/CVE-2020-8927.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-8927", ], details: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", id: "GSD-2020-8927", modified: "2023-12-13T01:21:53.897551Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2020-8927", STATE: "PUBLIC", TITLE: "Buffer overflow in Brotli library", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Brotli", version: { version_data: [ { version_affected: "<=", version_name: "stable", version_value: "1.0.7", }, ], }, }, ], }, vendor_name: "Google LLC", }, ], }, }, credit: [ { lang: "eng", value: "Jay Lv <nengzhi.pnz@antgroup.com>", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-130 Improper Handling of Length Parameter Inconsistency ", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/google/brotli/releases/tag/v1.0.9", refsource: "CONFIRM", url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { name: "openSUSE-SU-2020:1578", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { name: "FEDORA-2020-22d278923a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { name: "USN-4568-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4568-1/", }, { name: "FEDORA-2020-c663fbc46c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { name: "FEDORA-2020-e21bd401ad", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { name: "FEDORA-2020-bc9a739f0c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { name: "FEDORA-2020-9336b65f82", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { name: "FEDORA-2020-c76a35b209", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { name: "DSA-4801", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4801", }, { name: "FEDORA-2022-9e046f579a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { name: "FEDORA-2022-5ecee47acb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { name: "FEDORA-2022-d28042f559", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, ], }, source: { discovery: "EXTERNAL", }, }, "gitlab.com": { advisories: [ { affected_range: "<1.0.8", affected_versions: "All versions before 1.0.8", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2020-12-02", description: "A buffer overflow exists in the Brotli library where an attacker controlling the input length of a one-shot decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.", fixed_versions: [ "1.0.9", ], identifier: "CVE-2020-8927", identifiers: [ "CVE-2020-8927", ], not_impacted: "All versions starting from 1.0.8", package_slug: "conan/brotli", pubdate: "2020-09-15", solution: "Upgrade to version 1.0.9 or above.", title: "Buffer Overflow", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", ], uuid: "8c793170-8c8b-4a88-8601-436bc0a7606b", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "3cfb6c8e-6090-4583-a537-f53ec6c594ee", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d8d88d84-c627-450b-8727-29249183d1fa", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "13e11d03-ba1e-4493-a826-ed4af68d544d", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "dc858289-2f7c-42a6-b31d-d41b61edc6ea", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "71184543-cf24-47b4-a51d-020b8547bc5e", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "9f7e1da4-45e4-4e60-bb5d-53a0e848aa8b", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e72c8899-418b-4bdd-8b7d-3dafa9b30e71", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "9812fad4-d2b2-422d-8c0d-73c108ad289b", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "2348d3e2-a6a2-4c63-8f13-aba0fb20934f", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "039452b6-76c8-4380-bff7-5979278093d6", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "4fd27d65-d6f2-41fe-bd12-0ef8410137f1", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "9bd1b961-827b-40ce-b789-33f25e888831", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "4aa5c258-b2ee-4002-bd89-7351fbed847f", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "4d3a7dee-3874-46e8-9a88-b99d02a2aa48", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "8b19515e-c193-424e-a0b5-1e4de73ce258", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "af13c1e6-2230-4b4e-993c-64622a64b944", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "7b0ee75a-e60e-4213-a4e3-0f094e95e119", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "072eb70e-0224-443f-aa65-bd1fd1373d79", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e489fc5b-c4c6-4d4d-8d42-a6b7e9969334", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "27fc7862-1335-401e-ae86-b9fd7a163136", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "50477955-21c0-4aa0-b5b9-c9906d286184", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "b9b524ce-65bf-4dc9-8fb0-1c947be3eb40", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "429436d7-2afe-49b2-9fd7-254d05972059", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "020d3783-4649-400f-8396-abe017cc4572", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "cbe75b41-b671-440b-9a0a-eccecd08b731", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "4e240a0c-b414-4ae3-9f86-a14c038785dd", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d84d4273-730e-40ad-99ea-1ebcf4a0c6e7", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "ed023747-4f59-40ba-bc9e-2a3256009f9c", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "c4d54248-7a02-4dd4-91f0-64bf7e003a2f", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "7aa8f100-5fc7-446f-bd92-e6e0cbb5c0c5", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "5a60d28d-21ef-4923-9d5c-b3e70a9fc49e", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "42ccc8ec-dbe6-4b94-9e45-6da3d730b403", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "c97454f2-c986-4390-ad5e-6029dd059c98", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "30b0035e-7c8e-4bd2-b5fb-73ccc9f4dea3", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "8e7fdff4-e7ff-41bb-a05c-d2961ed7d5d8", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "4808adf8-f4ac-4e3a-a66e-29efaa869a79", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "2a890f83-3100-4055-a2d0-23670565ec47", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "c775a827-b0bf-46fb-aac9-c82e496a4ccd", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "ebf9cf13-c5fe-43d5-aa61-06796b541a4c", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "5518f59a-8800-47dc-be56-19c78eff5316", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "817d3f8b-a6e6-4a3f-8a13-e9d3682f0a77", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "f5f2c952-72e6-4c6e-93ac-6d0929227344", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "bb1dfd69-ddd3-4148-85f7-6be477b470d8", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "2bcebc38-b2ca-45c6-9a75-a59228e774f6", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "93a1d6aa-4b01-4e34-98fd-66f56484c506", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "98b93b6b-09cd-43a1-b3fc-64627ee46862", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "6353f8ad-f637-4a8b-b197-82c3bf53f1d7", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "73fc4515-8c17-4454-84c1-dadac784702e", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d53413bc-716d-4b9d-b8c5-a350486e6ac8", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "a64cc3e0-5904-46cc-952e-0970da3e7f85", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "81e46feb-52ee-4eb0-8bc4-6bd2f69942d1", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "dc95542c-9b27-476b-a66c-6f2482966218", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "efa3028f-58b3-4fe5-9f65-c143c67e8ff2", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "bf0d54a6-c1ad-4043-a3e3-b90439ac5825", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "78c8e261-cb62-4819-b319-6b23337bb98a", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "9ccb2a7f-d38f-4fb6-b8ce-fbc41a14da87", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "a75f46b5-f4bd-4ca9-8c27-91c1b8bd35b9", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "65ab7edc-b0d9-4c0d-b4dc-4135d6b26e3e", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "0bc5feb7-054b-43ac-822d-683976d74510", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "2d190e54-75a8-4751-9dfd-dc42d01b332c", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "b333fbe5-1ed4-40f8-94e1-13245ceb7e5b", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "28664e0b-059e-4045-8588-f50407514dd3", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "f312ee83-3c67-4ee3-b23a-3393757c15b0", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "1d51c6d6-1f1f-4652-ac98-772f5cd16a69", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "b4434ef7-5b38-4a80-bc1e-64cbff62e10b", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "dc81a0f1-a3a9-4f42-8f2f-10275a34ee40", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "ccbebba2-82ea-49ff-809f-1c67d89bedc5", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "1827f9ae-fd8f-4a60-b2dd-41a13e633536", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "87e01711-60fb-4271-ba3f-8c852fb94bbe", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "758e8466-a0b0-4fff-b9ba-122fbb0e4dde", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "a406594c-31ba-40aa-9a89-50b5e5712d3a", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "f7d82f95-66fb-4a7a-9ae4-4dccced13a1a", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "02b4a8d2-37d3-40fc-9942-56c1d684f553", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "fbb4d9d4-52a0-4849-92da-9da54f45e3b9", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "3841ba2d-df7f-473b-b398-522d989c5b90", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "6352df0c-eb73-4b50-89e8-814572da64b3", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "0e15ab07-5668-4e36-aef1-4e980a9daafc", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d7fb0dc2-dcf4-44c2-895e-7b42adc1782d", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d21deab9-3190-4fc3-b445-e797d65e261c", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "1c91c6e8-2d40-41b8-96b1-17065c9eb62a", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "a36c0b54-32cc-4fd0-955c-a4f8bfd46490", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e60ba79f-642b-4da6-8a32-888b260046a2", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "8c32544d-f2c5-4c80-ad05-a0aac7cd02f8", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "f12b47aa-691e-489b-892b-9c5c2011ae34", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d28e1481-2d01-4b85-a95f-5f6ba9a651fe", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e27d4461-1fc7-4475-9d38-0d1204130d65", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "6271e5b4-96e2-44b5-96f4-0aaa2dd89bca", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "033efd0f-5fcb-41eb-a19d-eda548ef5d32", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "467552f1-a189-4573-bd42-9c5e8ba989b6", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "fafc6c39-0e05-4d07-93d1-a824b2519889", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "18fb1691-0571-4cdb-823a-0e4d9e20eaeb", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "29cc6f42-908a-4240-a149-9399b4bab215", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "05d55ba3-7d1d-4661-811b-0d1fc48a63e9", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e46d6528-75c6-45da-ba4a-3ad52fa68cb6", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "6f9a3c82-99c7-41d0-b382-605d11c06001", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e236c808-d817-4af5-a94d-210b466bab74", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e47c739c-5e40-4564-af79-f638f75c68c9", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d1bb85fe-a13f-45bc-9f73-3bb526560fea", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "f96f2f17-9dc6-4e33-ad9d-6ace97b7ee2e", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "55919a40-c2d3-45fe-ac8d-57d0796ca7a7", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "49bc6a25-8f66-45a3-aa21-c9dad0db2355", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "8256f040-bf1a-405f-a9f2-e7938c318be1", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x86", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "c0792999-3c30-43a7-b1c0-40d0eb017944", }, { affected_range: "[5.0.0,5.0.15)", affected_versions: "All versions starting from 5.0.0 before 5.0.15", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15", package_slug: "nuget/Microsoft.NETCore.App.Runtime.browser-wasm", pubdate: "2022-05-24", solution: "Upgrade to version 5.0.15 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "625246b9-c53f-4aae-a849-8f0b3ea47337", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.linux-arm", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "512d072d-f164-45c6-88e1-1a0caa3dd99c", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.linux-arm64", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "1a087926-ffe8-450a-9410-b3964fa3d109", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "ab1111f6-5ba4-463e-b475-fbc723c0d6d7", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "65832883-f345-4cff-9beb-dd5023718717", }, { affected_range: "[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "e4c54761-10c7-41e6-9c7f-542975e9b393", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.linux-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "68df4c81-ebe3-4558-a182-6f6cf108b304", }, { affected_range: "[6.0.0,6.0.3)", affected_versions: "All versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.osx-arm64", pubdate: "2022-05-24", solution: "Upgrade to version 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "6ac76c67-6bbc-4d10-91ca-a222085b79df", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.osx-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "0c600e02-0809-485c-a853-4e1905ab3eac", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.win-arm", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "805fec2b-bf1e-454f-9b07-ae9b81dc4fdd", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.win-arm64", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "8c1c0453-90ee-4b79-96b2-5a0ec97f709b", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.win-x64", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "d101aa73-1a4d-4b19-85dc-3be3d02bafec", }, { affected_range: "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)", affected_versions: "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-120", "CWE-937", ], date: "2022-10-31", description: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", fixed_versions: [ "3.1.23", "5.0.15", "6.0.3", ], identifier: "CVE-2020-8927", identifiers: [ "GHSA-5v8v-66v8-mwm7", "CVE-2020-8927", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3", package_slug: "nuget/Microsoft.NETCore.App.Runtime.win-x86", pubdate: "2022-05-24", solution: "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.", title: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "https://github.com/google/brotli/releases/tag/v1.0.9", "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", "https://usn.ubuntu.com/4568-1/", "https://www.debian.org/security/2020/dsa-4801", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "https://github.com/bitemyapp/brotli2-rs/issues/45", "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "https://github.com/github/advisory-database/issues/785", "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", ], uuid: "8fa5d563-01c8-4eaa-8aa8-30c0d22855b9", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.8", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "5.0.14", versionStartIncluding: "5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.1.22", versionStartIncluding: "3.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.0.9", versionStartIncluding: "7.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.1.6", versionStartIncluding: "7.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.2.2", versionStartIncluding: "7.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "17.0.7", versionStartIncluding: "17.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2020-8927", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-120", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/google/brotli/releases/tag/v1.0.9", refsource: "CONFIRM", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { name: "openSUSE-SU-2020:1578", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { name: "FEDORA-2020-22d278923a", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { name: "USN-4568-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4568-1/", }, { name: "FEDORA-2020-c663fbc46c", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { name: "FEDORA-2020-bc9a739f0c", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { name: "FEDORA-2020-e21bd401ad", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { name: "FEDORA-2020-9336b65f82", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { name: "FEDORA-2020-c76a35b209", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { name: "DSA-4801", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4801", }, { name: "FEDORA-2022-9e046f579a", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { name: "FEDORA-2022-5ecee47acb", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { name: "FEDORA-2022-d28042f559", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, }, }, lastModifiedDate: "2022-04-22T18:53Z", publishedDate: "2020-09-15T10:15Z", }, }, }
fkie_cve-2020-8927
Vulnerability from fkie_nvd
Published
2020-09-15 10:15
Modified
2024-11-21 05:39
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| brotli | * | ||
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.2 | |
| microsoft | .net | * | |
| microsoft | .net_core | * | |
| microsoft | powershell | * | |
| microsoft | powershell | * | |
| microsoft | powershell | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | 17.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:brotli:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0C4F94-96AA-45AE-A3A6-55DE4FD744E3", versionEndExcluding: "1.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "D986C83E-F055-4861-B3FC-D1AE2662A826", versionEndIncluding: "5.0.14", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "EB57B616-F5BD-47B7-BBD0-AF58976CEE10", versionEndIncluding: "3.1.22", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", matchCriteriaId: "77F72A4A-239D-4362-B42C-2B125FD977AB", versionEndExcluding: "7.0.9", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", matchCriteriaId: "A2C644EF-33B6-440F-8051-6A0D3C096F67", versionEndExcluding: "7.1.6", versionStartIncluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", matchCriteriaId: "CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1", versionEndExcluding: "7.2.2", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "C9984FFB-8AFA-438F-B762-B98649B64B23", versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "962BF425-75A7-4743-A3EA-275F8D66A00B", versionEndIncluding: "17.0.7", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*", matchCriteriaId: "950638D8-6997-4058-8A9E-6153A7FC3B32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", }, { lang: "es", value: "Se presenta un desbordamiento del búfer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petición de descompresión \"one-shot\" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de más de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versión 1.0.8 o posterior. Si no se puede actualizar, recomendamos usar la API \"streaming\" en lugar de la API \"one-shot\" e imponer límites de tamaño de fragmentos", }, ], id: "CVE-2020-8927", lastModified: "2024-11-21T05:39:41.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "cve-coordination@google.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-15T10:15:12.887", references: [ { source: "cve-coordination@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { source: "cve-coordination@google.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { source: "cve-coordination@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4568-1/", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4568-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4801", }, ], sourceIdentifier: "cve-coordination@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-130", }, ], source: "cve-coordination@google.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
pysec-2020-29
Vulnerability from pysec
Published
2020-09-15 10:15
Modified
2020-12-02 12:15
Details
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Impacted products
| Name | purl |
|---|---|
| brotli | pkg:pypi/brotli |
Aliases
{ affected: [ { package: { ecosystem: "PyPI", name: "brotli", purl: "pkg:pypi/brotli", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.0.8", }, ], type: "ECOSYSTEM", }, ], versions: [ "0.5.2", "0.6.0", "1.0.1", "1.0.4", "1.0.6", "1.0.7", ], }, ], aliases: [ "CVE-2020-8927", ], details: "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", id: "PYSEC-2020-29", modified: "2020-12-02T12:15:00Z", published: "2020-09-15T10:15:00Z", references: [ { type: "WEB", url: "https://github.com/google/brotli/releases/tag/v1.0.9", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", }, { type: "WEB", url: "https://usn.ubuntu.com/4568-1/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", }, { type: "ADVISORY", url: "https://www.debian.org/security/2020/dsa-4801", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.