Moderate severity · OSV Advisory · Published Jul 12, 2023 · Updated Oct 23, 2024
Okio GzipSource unhandled exception Denial of Service
CVE-2023-3635
Description
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.squareup.okio:okio (Maven) | >= 2.0.0-RC1, < 3.4.0 | 3.4.0 |
| com.squareup.okio:okio (Maven) | < 1.17.6 | 1.17.6 |
| com.squareup.okio:okio-jvm (Maven) | >= 2.0.0-RC1, < 3.4.0 | 3.4.0 |
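
A dependency triage check against the ranges in the table above, as an added example that is not part of the advisory or the Okio project. The sample lines are constructed in the style of Gradle's dependency tree output, and the version ordering is a simplification that only treats a `-qualifier` suffix as a pre-release.

```python
import re

# Ranges copied from the advisory table: (artifact, inclusive lower bound or None, patched version).
AFFECTED = [
    ("com.squareup.okio:okio", "2.0.0-RC1", "3.4.0"),
    ("com.squareup.okio:okio", None, "1.17.6"),
    ("com.squareup.okio:okio-jvm", "2.0.0-RC1", "3.4.0"),
]
VERSION = r"\d+(?:\.\d+)*(?:-[\w.]+)?"
# Matches "group:artifact:requested" with an optional " -> resolved" suffix.
COORD = re.compile(rf"(com\.squareup\.okio:okio(?:-jvm)?):({VERSION})(?: -> ({VERSION}))?")

def version_key(version):
    """Simplified ordering: numeric parts first, pre-release (-RC1) before the release."""
    base, _, qualifier = version.partition("-")
    nums = [int(p) for p in base.split(".")]
    nums += [0] * (3 - len(nums))
    return (tuple(nums), (0, qualifier.lower()) if qualifier else (1, ""))

def patched_version(artifact, version):
    """Return the patched version to move to, or None if the version is not affected."""
    key = version_key(version)
    for name, low, fixed in AFFECTED:
        in_range = (low is None or key >= version_key(low)) and key < version_key(fixed)
        if name == artifact and in_range:
            return fixed
    return None

def scan(lines):
    """Report (artifact, resolved version, patched version) for each affected entry."""
    findings = []
    for line in lines:
        m = COORD.search(line)
        if m:
            artifact, requested, resolved = m.groups()
            version = resolved or requested  # the resolved version is what ships
            fixed = patched_version(artifact, version)
            if fixed:
                findings.append((artifact, version, fixed))
    return findings

# Constructed sample input; com.example:app-lib is a placeholder parent dependency.
SAMPLE = [
    r"+--- com.example:app-lib:1.0.0",
    r"|    \--- com.squareup.okio:okio:2.8.0",
    r"+--- com.squareup.okio:okio:1.17.2 -> 3.4.0",
    r"+--- com.squareup.okio:okio-jvm:3.2.0 (*)",
    r"\--- com.squareup.okio:okio:1.17.5",
]

if __name__ == "__main__":
    for artifact, version, fixed in scan(SAMPLE):
        print(f"{artifact} {version} is affected by CVE-2023-3635, upgrade to {fixed}")
```
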
Affected products
Patches
Vulnerability mechanics
References
- github.com/advisories/GHSA-w33c-445m-f8w7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-3635 (ghsa, ADVISORY)
- github.com/square/okio/blob/master/CHANGELOG.md (ghsa, WEB)
- github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b (ghsa, WEB)
- github.com/square/okio/commit/b4fa875dc24950680c386e4b1c593660ce4f7839 (ghsa, WEB)
- github.com/square/okio/pull/1280 (ghsa, WEB)
- github.com/square/okio/pull/1334 (ghsa, WEB)
- research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195 (ghsa, WEB)
- research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/mitre