VYPR
Moderate severityOSV Advisory· Published Jul 12, 2023· Updated Oct 23, 2024

Okio GzipSource unhandled exception Denial of Service

CVE-2023-3635

Description

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.squareup.okio:okioMaven
>= 2.0.0-RC1, < 3.4.03.4.0
com.squareup.okio:okioMaven
< 1.17.61.17.6
com.squareup.okio:okio-jvmMaven
>= 2.0.0-RC1, < 3.4.03.4.0

Affected products

166

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.