brotli-sys
crates.io
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting brotli-sys (page 1 of 1)
- CVE-2020-36846 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-05-30
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the i…
- CVE-2020-8927 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-09-15
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data lar…