brotli 0.5.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the brotli package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling brotli is a Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient protection against decompression `brotli` bombs. An attacker can cause excessive memory consumption and crash the client by sending specially crafted compressed data with extremely high compression ratios. How to fix Allocation of Resources Without Limits or Throttling? A fix was pushed into the `master` branch but not yet published.	[0,)
M Buffer Overflow brotli is a Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. Affected versions of this package are vulnerable to Buffer Overflow. An attacker could control the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. How to fix Buffer Overflow? Upgrade `brotli` to version 1.0.8 or higher.	[,1.0.8)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

brotli is a Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient protection against decompression brotli bombs. An attacker can cause excessive memory consumption and crash the client by sending specially crafted compressed data with extremely high compression ratios.

How to fix Allocation of Resources Without Limits or Throttling?

A fix was pushed into the master branch but not yet published.

[0,)

Buffer Overflow

Affected versions of this package are vulnerable to Buffer Overflow. An attacker could control the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.

How to fix Buffer Overflow?

Upgrade brotli to version 1.0.8 or higher.

[,1.0.8)

brotli@0.5.2 vulnerabilities

Python bindings for the Brotli compression library

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically