CVE-2020-36846
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-36846
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36846.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-36846
- Aliases
- Downstream
- Published
- 2025-05-30T01:15:20Z
- Modified
- 2025-10-14T17:53:55.827679Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
- References
-
- https://github.com/advisories/GHSA-5v8v-66v8-mwm7
- https://nvd.nist.gov/vuln/detail/CVE-2020-8927
- https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
- https://github.com/google/brotli/pull/826
- https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52
Affected packages
Git / github.com/google/brotli
Affected ranges
- Type
- GIT
- Repo
- https://github.com/google/brotli
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.2.0
v0.3.0
v0.4.0
v0.6.0
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2020-36846-065cb997",
"signature_type": "Function",
"target": {
"file": "c/dec/bit_reader.h",
"function": "BitMask"
},
"deprecated": false,
"digest": {
"length": 167.0,
"function_hash": "318280529095448493923144685100943943929"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-0ee3574c",
"signature_type": "Line",
"target": {
"file": "c/common/context.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"335138695453929104683864677741789364973",
"62938935012882714921287959697160084902",
"321733639354838955569855645501354884890",
"280704284652905483300732904493968263545",
"270353953732259274427246496302066286451",
"212578839904593347077979075449451390962",
"198281371162132013315553633399598818194",
"330922042901706936438421853080443810470",
"111861557941050179011674487431101429549",
"212578839904593347077979075449451390962",
"198281371162132013315553633399598818194",
"330922042901706936438421853080443810470",
"111861557941050179011674487431101429549",
"212578839904593347077979075449451390962",
"198281371162132013315553633399598818194",
"330922042901706936438421853080443810470",
"111861557941050179011674487431101429549",
"212578839904593347077979075449451390962",
"261045457465077080498341045595773657732",
"180914520229022327609456205675108521082",
"95494576852798054454271703688607752528",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"83297472847323845026436964197361989002",
"182222547089006190408311238010277936448",
"135589407826579574857426821637529727779",
"5172593343258669995608887180346882025",
"86919361384272137991281573199597209294",
"188429310201316040031042458079216895202",
"252323321130563618215557892363916129949",
"151672315088071220954681884926525984769",
"142827101251315096306105145271865977188",
"278582447004814951227952380905322919060",
"80903068681898326307516184871720833775",
"178420402472046148423307172260550992455",
"323213870639243097731066730983482595080",
"297650004693475313405118230597845685715",
"170955499846219928622134341699998212753",
"105276391197108571524971000961791111519",
"321859935555070322038017506172983349808",
"212242218954560020732579924582671221786",
"37516327053160884952845259350914584501",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"248532307717011033843131618659000489936",
"211779077651670657819592786565296562316",
"197533146321809231396159733225397246544",
"105827504913684722600419198773082883596",
"332455673426819183296763896571786325633",
"12282915717354938328566286300240870230",
"339277578233934219055729420323075500101",
"265820645579729850560930077612780340153",
"100711197997593545422957305815422643167",
"89378386779104341220083947672402162039",
"315407350789675024703426265699360572039",
"69528277720550622980828071928371463658",
"230580397949734913365906780258288668951",
"109775732911986370380995474494210187400",
"56541225303352282533683235025789997840",
"261626941772553401881250518125660151628",
"47750824869666706821606689082317389157",
"42388273314045350273646354317773696268",
"77480930215766756186072205409898182633",
"287780010876231168370663794418491504127",
"80891331599635837807430063775768770535",
"339222664383220229857673860828696232047",
"224523009581982531502866285284639753271",
"153345517661505366545000348851254543732",
"96110113654669631801174613867329196624",
"164786211181124676775901725606432562854",
"115748088554765731120531555933262334420",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"262346630685246727647602666484156311395",
"100311316727715207654966582464866165808",
"248671491493099770194471231805995664717",
"202251486450522163283041024593819629666",
"14535053297222481214843115881370948737",
"221792280815484049624279620457161947080",
"327904385174972230351619003830527761589",
"310321179448469749265392836512253193485",
"122722903124417897752399386562594307307",
"286694237445111694594287741160888789241",
"277193268326487814588556899877929116637",
"277234382498313439600010644919672231242",
"96718862710389092944028180736649116430",
"175639137147650852724376448276640075478",
"52027851479836912556775839463779556605",
"265509782799295940072390979880221382525",
"88307694144009521161923392289114788528",
"336570486187008182143703594707935254428",
"13729384285658373720463251426455552986",
"248306177318617374960894298856432647087",
"99906791444091104381529819545140066654",
"116172345733894394245134128151197960664",
"234261411294354358473799147793091933057",
"167144839825940240239896196450998830098",
"174705989972650638763753323466278531301",
"196002717538294405311576694087360271320",
"62544176830407709458098086827478929134",
"87117234172500611101643222421869311081",
"2749689428196538401765076576630431992",
"338882907069372200388102687272292220394",
"170281356370761099921839177144583131727",
"280850378004867200021413539429098156252",
"183519475662647554027991000182809883683",
"193547452481224242645121986700486700717",
"177704283123436803802894527554615908625",
"25474716800276928146104298502720932260",
"123758343598252762931188581681855997887",
"195538152008768251508780610746158633221"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-1628fd28",
"signature_type": "Line",
"target": {
"file": "c/dec/decode.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"147576128608693294977240726151938468029",
"249761778172878089280761723136737941430",
"70700746509296257066258298778177253547",
"156260333823908066199600325209294556730",
"259800248676265013504708354675089116696",
"65608806222354569223116860652467833423",
"202454823884268627466968884583175497783",
"55778906496770506342986932518462810158",
"35380799749036738567015883572446877442",
"273085298041500311932141470094874288263",
"246939670935961816377353485448249721520",
"310774505677337339204011634550720813512",
"277975924294431038892306009953711059596",
"228691116565852458357816557366253552689",
"286919756466132432715729680489689498897"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-213241df",
"signature_type": "Line",
"target": {
"file": "c/enc/entropy_encode.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"298328531748877668088774560762527881982",
"97677451188302513525127368679790836552",
"141539081433289976723816112693884901555",
"263152533994093561596099125738096305617",
"18983876000513240286584729357180657163",
"160093159623302692710501787627618108243",
"75384983340894599206946487645507878957",
"78743875514574303364662016380368904866",
"197974449688144444515620219388968102399",
"122815550966608076793664818528353625245",
"13149867990679976246859594973047753387",
"127104238728918897002842503867960746377"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-215ca07b",
"signature_type": "Line",
"target": {
"file": "c/enc/brotli_bit_stream.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"200291200386042119936816291846006999842",
"9909909031639072061636603842921138409",
"163219821637894967875874987234073092561",
"255169094297056834868108461343850536931",
"112598253973616761431294491359305341698",
"55119219792462233335971655427571848002",
"175480690731957864688419707808863251105",
"296110571815939789754163555780879867450",
"290985832196060127101352431171663748599",
"283559508567072346070089708873725387413",
"226434542731638150170195358419906567784",
"140725159063609802793337829884901787788",
"82503419243734285377708505290303104465",
"291063338923361547066014173505921040123",
"46747842692189435528856809195877198380",
"22777646664232004133942007783042026017",
"117949774905322243395375399597998914033",
"92004562335622218503486938601911695699",
"208848786783296075699582890989163030476",
"323595123780264471175804624698056746379",
"37823953989469752066802834952719395168",
"328734526705239274199497265102244569310",
"61473062338420485621987975550687166001",
"279855817799644948349974918389750511646",
"80840123799457126441351439712563450010"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-2281de32",
"signature_type": "Function",
"target": {
"file": "c/enc/command.h",
"function": "GetCopyExtra"
},
"deprecated": false,
"digest": {
"length": 71.0,
"function_hash": "198733718746167269161153551367852770037"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-24f403d0",
"signature_type": "Function",
"target": {
"file": "c/common/platform.h",
"function": "BrotliDefaultFreeFunc"
},
"deprecated": false,
"digest": {
"length": 101.0,
"function_hash": "131171540022544086868424748921147831000"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-2763aede",
"signature_type": "Function",
"target": {
"file": "c/dec/bit_reader.h",
"function": "BrotliGetRemainingBytes"
},
"deprecated": false,
"digest": {
"length": 100.0,
"function_hash": "182837668083177823281819679322916308833"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-36ff0da7",
"signature_type": "Function",
"target": {
"file": "c/enc/brotli_bit_stream.c",
"function": "GetBlockLengthPrefixCode"
},
"deprecated": false,
"digest": {
"length": 239.0,
"function_hash": "131787696369696081351726079869439298177"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-3a70f746",
"signature_type": "Line",
"target": {
"file": "c/enc/command.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"262746309279813027189727909350562063891",
"94487334278286320227640722766672781234",
"9237199838113663746935073955379039397",
"330394413334517144129115108997057092789",
"199894518386120758650236135174480707419",
"109102495321662098488656228595923138019",
"13335770017717511815154870944547000799",
"262349170165086026505180374164342138763",
"66333609386265778226301059036914967319",
"77021234975639541939888618444143754425",
"107030093623950368780424883556127435979",
"278536385531275429393114896050614980312",
"81746257480820124123244397958755973087",
"277436856343441445152709117056118784603",
"193114596574776147718854063588367286920",
"890503429095967214398073985098364540",
"207573116115204310145595982224825326622",
"35496968318746486151491912518788218891",
"159039381230661806163054670590951823534",
"109327715991067508317452938241500886264",
"139091581288055378356066483405651087897",
"198884185296731293280952418880768548002",
"263968810339291068422926792097876539391",
"315235206391497456221718115609261479001"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-4363346f",
"signature_type": "Function",
"target": {
"file": "c/enc/brotli_bit_stream.c",
"function": "BlockLengthPrefixCode"
},
"deprecated": false,
"digest": {
"length": 258.0,
"function_hash": "237457474710873357741400130346725739015"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-48ecbef1",
"signature_type": "Function",
"target": {
"file": "c/enc/command.h",
"function": "GetCopyBase"
},
"deprecated": false,
"digest": {
"length": 70.0,
"function_hash": "290397854585390400118877604164447142213"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-5c379948",
"signature_type": "Function",
"target": {
"file": "c/dec/decode.c",
"function": "SafeReadBlockLength"
},
"deprecated": false,
"digest": {
"length": 714.0,
"function_hash": "8384051471208952584835083373495003552"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-5e01b0d6",
"signature_type": "Line",
"target": {
"file": "c/common/platform.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"231510683338704844371767402540515720536",
"276979470040314356639808253790596206497",
"74647890914492328268686785925550467182",
"115339793468372782585213922109232515198",
"248339947013892710273421407914138743366",
"65416641466530853215522488725409768533",
"152113801232007481711791477249362664616",
"239630781219786640475750516068887432303",
"38570944054966716364316012617249045717",
"14996409371468470627497742211863232507",
"109555121509520970557473349152047013465",
"25715546910751187654552965065734142713",
"162639387438046862478065048947016655266",
"310676558771524543806598909857574617468"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-6509345e",
"signature_type": "Line",
"target": {
"file": "c/dec/huffman.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"38989595393000438244704615471351079100",
"270514163143537802590054449853754902148",
"34423033425951616678964631284349074237",
"284711675135821415296881397991466236790",
"202499028607523409654046437046428592456",
"77030257712592252245604291860306475975",
"235462583353289027653133190845618262819",
"325401572394303410802161906496537356411",
"295936692467374619297463124117428985909",
"188194587917232041768299510088856480124",
"31428805862644470371334328607055322086"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-662affd9",
"signature_type": "Function",
"target": {
"file": "c/dec/state.c",
"function": "BrotliDecoderHuffmanTreeGroupInit"
},
"deprecated": false,
"digest": {
"length": 522.0,
"function_hash": "186254248663913756468159977535214112836"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-6daa3821",
"signature_type": "Line",
"target": {
"file": "c/dec/prefix.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"286405288267322832793791613205075225378",
"208814081899459851068838550531374816790",
"318832374691610126074319417861596865162",
"61242359266313825892700187676286659889",
"73354106330393707822602139873682606436",
"85489818242367973105687761712891054986",
"257985423082326516108999374787011351101",
"144661819825281532336065610780544378553",
"31544781688498096754076625183345723133",
"108146787134973995737484440444861843534",
"202521980715605241199656517309783907320",
"238416888913134538196719991118072462178",
"217770928785023929123565799161181272957",
"263385649171543962454789096460219599932",
"56516971038143385778380145313561027894",
"282654657701691008497472747356576898313",
"289996406987645781288356934267812746702"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-6f73278a",
"signature_type": "Function",
"target": {
"file": "c/enc/fast_log.h",
"function": "FastLog2"
},
"deprecated": false,
"digest": {
"length": 266.0,
"function_hash": "237964902284661096092498467863939061829"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-89e4ed99",
"signature_type": "Line",
"target": {
"file": "c/enc/entropy_encode.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"107786691764331530779971749990996637609",
"177938648366363033027649790247756072422",
"216824378479327987991658283650618927836"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-8c8f3284",
"signature_type": "Line",
"target": {
"file": "c/dec/bit_reader.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"237451905921788367854959467292431562473",
"95259479640725757491539136430479637359",
"170309794278907181555058943571004773207",
"44248515001703794456594985881814273190",
"116469415384826050882451989380068291500",
"117158985380153106635500410549865933104",
"119908320226685908661557160985344538247",
"125867246152344522514986791374391431150",
"214078684608676484431091358662976242408",
"48320413569816265043238760892833390871",
"130113688851753874379164382934293537232",
"241740187908733726446975912171407022173",
"273884008752539259157059424213782919601",
"45796400833916283452048620182872051738",
"263537520507395192486138489392014889003",
"67378820707823685746352753947449969769",
"134928183385665531458332940678972639834",
"158464506881760599848996864726262980721",
"304739123159245996015125459189965558969",
"202984944320006013813694665221409776972",
"260762287162912694444136113315825885433",
"50987180992109378190981382461733220943",
"313933870144338024052155449497336149516"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-9bf24caa",
"signature_type": "Function",
"target": {
"file": "research/brotli_decoder.c",
"function": "fail"
},
"deprecated": false,
"digest": {
"length": 114.0,
"function_hash": "186316137391662761662629250015768002879"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-9c6a7932",
"signature_type": "Function",
"target": {
"file": "c/enc/command.h",
"function": "GetInsertExtra"
},
"deprecated": false,
"digest": {
"length": 70.0,
"function_hash": "123176915406297003275578412835897961442"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-a21e7cc6",
"signature_type": "Line",
"target": {
"file": "c/enc/fast_log.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"121391463696956377069615596091115031374",
"62207978725387532682229051157769271319",
"272094029665917620313717713902541609551",
"2223326686007242134920228455505032463",
"107751625898880953835908383116048222570",
"263235470593694332154843817188428933851",
"100073990917788362861592645386681289944",
"124196520731957363255277624910754596247",
"125224800933957703369798256261756556893",
"25280177474295453962156867425535113419",
"13399758428181991224387286144865070712",
"18830694064018826760148420958712495834",
"172901057367996882968223299316430336121",
"280611659743726694134735907355150106172",
"292782025327335025817766891698601479049",
"164801489925341256807774509901022732486",
"41184757746030908989045188153983985832",
"155766883377881727420655407382610359032",
"141495740507647534683301814798357819988",
"100060673376620797851018558740603465844",
"267434123181545334564458465295682399955",
"175228389478085584027883671061926533093",
"126250229515299871983313862455515400933",
"265910787801247540868049976436532897707",
"252859699287124440251939149826789693114",
"20334760015778764224470968130251305594",
"11704094536674730042069156430458130037",
"174680321962823657826924780900017710898",
"238306551675070990776575397071795603338",
"127044877611546862528081734511822819442",
"100824646374989640531353167033389024545",
"306096998757636633200827894994721798064",
"132209493033131123552130906450602205257",
"318694741335504677648740990353275947243",
"167056001910929061210539703247085261945",
"240333631095495977644712135446685385498",
"262309623838780929734804846312444009403",
"130349026797210553853454839033313732362",
"35272707508736061984095533134251178541",
"232930953979980241048401982815676722628",
"74643148252195957590930055173194560316",
"265622868007749893753954553010994261183",
"328189227363132298953168226193020551992",
"66284082138597758515888669923218706039",
"138623299255319448808952272774686632558",
"101056925618812813964649137890126481349",
"191808306804334658996468671735806650306",
"36667180839100076425278045031582782140",
"272826434702701475119102365753582579005",
"21632027070977209313731786621964755167",
"44029856821369611676725707501382736040",
"65563944003354936390036831140934558939",
"293439513201137583628810809714117372359",
"65341426899305131907204739363440491347",
"308789203357007880080250304715417772325",
"84321869243921598961244521756185351921",
"88875967184345586285509494929033807967",
"237490694663297699643057024652949346489",
"20577206630314559352659005535478792881",
"246065818413523093493494183783845238413",
"307469703388742029457661402204184886284",
"314197356700879126919291675563546957529",
"150798959399582250707393203402846630681",
"149040431243285905131433107016270707269",
"278476558546737775374861229525566161281",
"332925876150792800271983019843691244490",
"103660084883771440731655904797000417879",
"167227404161361394227550525457316715679",
"176154112712172936213388669188799731333",
"336250881265024858096587736240110552614",
"67037237879212190199293414297585414193",
"249641014834005694640700992823955208999",
"205947411632593918039074248601853597753",
"164949792608297417039266180011530782537",
"243842411129531453290602439116394963741",
"302058297181896455058766794549512008966",
"107997628777086791156644029734587684006",
"176303008525179708987435246905717325977",
"255431138933908333491644327501117734792",
"158660222167066127283844145637483478681",
"90160907721236869892703369968278894943",
"314999148925100391828311926377070980825",
"175385414342435945395549385135168808771",
"139453592548273833227266667054659548620",
"57581678365196268275487407555387799670",
"71067346031375983947677483778424600443",
"315179715613189877306729670650020041128",
"260251472813148927377283324904426064608",
"253701491151927000770908952090386145554",
"92644167242885669503280377619038822727",
"225339963495549998115663941669350568996",
"285602836268929689694008004885102297635",
"209034259055992509450259484577924463821",
"200324646701595786083061233936959692445",
"329516977858216086166190872638860427030",
"323506466829559321322681838080661961953"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-a37d3702",
"signature_type": "Function",
"target": {
"file": "c/enc/command.h",
"function": "GetInsertBase"
},
"deprecated": false,
"digest": {
"length": 69.0,
"function_hash": "65863392624578677589800179962592293534"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-a578bb80",
"signature_type": "Line",
"target": {
"file": "c/dec/bit_reader.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"194155025190580565641570705876537371135",
"204500644087178843739469510852966632784",
"99308529283568508073220680707755918449"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-a708658e",
"signature_type": "Function",
"target": {
"file": "c/dec/decode.c",
"function": "ReadBlockLength"
},
"deprecated": false,
"digest": {
"length": 245.0,
"function_hash": "239318095186633302937777927930670167254"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-b71a242a",
"signature_type": "Function",
"target": {
"file": "c/enc/entropy_encode.h",
"function": "SortHuffmanTreeItems"
},
"deprecated": false,
"digest": {
"length": 783.0,
"function_hash": "96494790320793830350781851805878159464"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-bb2fb991",
"signature_type": "Line",
"target": {
"file": "c/dec/state.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"122554483146116530848205148327550718166",
"14359741734365202338199513221889746481",
"7375803759200103197078786729725033339",
"214562679008597434461156425099018508920",
"138270201715014727478027295526942763140"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-cd6ef743",
"signature_type": "Function",
"target": {
"file": "c/common/platform.h",
"function": "BrotliDefaultAllocFunc"
},
"deprecated": false,
"digest": {
"length": 108.0,
"function_hash": "298938569509868524918194200708358541941"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-d1846f81",
"signature_type": "Function",
"target": {
"file": "research/draw_histogram.cc",
"function": "main"
},
"deprecated": false,
"digest": {
"length": 667.0,
"function_hash": "183009807932322180390919994494180650649"
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-dd903b17",
"signature_type": "Line",
"target": {
"file": "research/brotli_decoder.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"123537289525134111306047179599570593823",
"40745447368605855383203149747084797859",
"272137661515509916969602350375774429564",
"274179691318900579135235348900811122496"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-e780e472",
"signature_type": "Line",
"target": {
"file": "c/common/constants.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"164148509548049854925615677161352293327",
"207717977800767885572698087453211989673",
"229925832451751247622004772472591536641",
"221373566199908074527371360380504249264",
"58251466161127906222259142293522412611",
"17281877723991314350232088773052723931"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"id": "CVE-2020-36846-fe602147",
"signature_type": "Line",
"target": {
"file": "research/draw_histogram.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"255206917631739529223312639321074806015",
"9995381775132375509423013389474961995",
"216869314556595785342322687978293126284",
"285129640691618864581248046934666498705",
"197117223425545678549093308911081166091",
"67588811595606166250333504228907835194",
"134594850120677038742443108359497975642",
"277011154662864334901278892322543006149",
"64939539324936242230182193228966957102",
"222922518335556660454663760989351388590",
"67269926791229013694491864970467188743",
"163210493893860992857033894188879711018",
"179905217306880091211280855103799024978"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
}
]
}