OESA-2025-2670

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2670
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2670.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2670
Upstream
  • CVE-2025-6176
Published
2025-11-14T12:38:58Z
Modified
2025-11-14T13:02:53.394245Z
Summary
brotli security update
Details

Brotli is a general-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd-order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed to deflate but offers denser compression.

Security Fix(es):

Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. (CVE-2025-6176)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / brotli

Package

Name
brotli
Purl
pkg:rpm/openEuler/brotli&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.0-2.oe2403sp2

Ecosystem specific

{
    "x86_64": [
        "brotli-1.1.0-2.oe2403sp2.x86_64.rpm",
        "brotli-debuginfo-1.1.0-2.oe2403sp2.x86_64.rpm",
        "brotli-debugsource-1.1.0-2.oe2403sp2.x86_64.rpm",
        "brotli-devel-1.1.0-2.oe2403sp2.x86_64.rpm",
        "python3-brotli-1.1.0-2.oe2403sp2.x86_64.rpm"
    ],
    "aarch64": [
        "brotli-1.1.0-2.oe2403sp2.aarch64.rpm",
        "brotli-debuginfo-1.1.0-2.oe2403sp2.aarch64.rpm",
        "brotli-debugsource-1.1.0-2.oe2403sp2.aarch64.rpm",
        "brotli-devel-1.1.0-2.oe2403sp2.aarch64.rpm",
        "python3-brotli-1.1.0-2.oe2403sp2.aarch64.rpm"
    ],
    "noarch": [
        "brotli-help-1.1.0-2.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "brotli-1.1.0-2.oe2403sp2.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-2670.json"