Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling brotlicffi is a Python CFFI bindings to the Brotli library Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing limits on decompressed output size in the `Decompressor.decompress()` and `Decompressor.process()` methods. These methods pass attacker-controlled Brotli data into dynamically growing in-memory buffers without enforcing an `output_buffer_limit`, allowing highly compressible payloads to inflate into extremely large outputs. An attacker can exploit this by supplying crafted Brotli payloads that cause excessive memory consumption, leading to process termination or resource exhaustion. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `brotlicffi` to version 1.2.0.0 or higher.	[,1.2.0.0)

Allocation of Resources Without Limits or Throttling

brotlicffi is a Python CFFI bindings to the Brotli library

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing limits on decompressed output size in the Decompressor.decompress() and Decompressor.process() methods. These methods pass attacker-controlled Brotli data into dynamically growing in-memory buffers without enforcing an output_buffer_limit, allowing highly compressible payloads to inflate into extremely large outputs. An attacker can exploit this by supplying crafted Brotli payloads that cause excessive memory consumption, leading to process termination or resource exhaustion.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade brotlicffi to version 1.2.0.0 or higher.

[,1.2.0.0)

Go back to all versions of this package