{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T22:20:13.247","vulnerabilities":[{"cve":{"id":"CVE-2020-36846","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2025-05-30T01:15:20.950","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."},{"lang":"es","value":"Existe un desbordamiento de búfer, como se describe en CVE-2020-8927, en la librería Brotli integrada. Las versiones de IO::Compress::Brotli anteriores a la 0.007 incluían una versión de la librería Brotli anterior a la 1.0.8, donde un atacante que controle la longitud de entrada de una solicitud de descompresión única a un script puede provocar un fallo, lo cual ocurre al copiar fragmentos de datos de más de 2 GiB. Se recomienda actualizar el módulo IO::Compress::Brotli a la versión 0.007 o posterior. Si no se puede actualizar, recomendamos usar la API de streaming en lugar de la API única e imponer límites de tamaño de fragmentos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://github.com/advisories/GHSA-5v8v-66v8-mwm7","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/google/brotli/pull/826","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8927","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}}]}