CVEs-PoC/2020/CVE-2020-8927.md

### [CVE-2020-8927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927)
![](https://img.shields.io/static/v1?label=Product&message=Brotli&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=stable%3C%3D%201.0.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-130%20Improper%20Handling%20of%20Length%20Parameter%20Inconsistency%20&color=brighgreen)

### Description

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Shubhamthakur1997/CICD-Demo
- https://github.com/dcambronero/CloudGuard-ShiftLeft-CICD-AWS
- https://github.com/jaydenaung/CloudGuard-ShiftLeft-CICD-AWS