Google Brotli Library Buffer Overflow Vulnerability in IO::Compress::Brotli

A buffer overflow vulnerability has been identified in the Brotli library, specifically in versions prior to 1.0.8. This vulnerability allows an attacker to manipulate the input length of a 'one-shot' decompression request, potentially leading to a crash. The issue arises when the decompression process attempts to copy data chunks larger than 2 GiB. The vulnerability is present in the IO::Compress::Brotli Perl module, which versions prior to 0.007 included an older version of the Brotli library that is susceptible to this issue.

Impact

Exploitation of this vulnerability leads to a crash of the affected application, causing a denial of service.

Reproduction

To reproduce this vulnerability, send a 'one-shot' decompression request to a script using the IO::Compress::Brotli module version prior to 0.007. Control the input length to exceed 2 GiB, which will trigger the buffer overflow and cause the application to crash.

Remediation

Update the IO::Compress::Brotli module to version 0.007 or later. If an update is not possible, switch to the 'streaming' API instead of the 'one-shot' API and impose limits on chunk sizes.