CVE-2023-3635

Summary

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Affected Software

VendorProductVersion RangeStatus
0.5.0 < 1.0.0affected
1.0.0 < 1.17.6affected
2.0.0 < 3.0.0affected
3.0.0 < 3.4.0affected

Weaknesses

  • CWE-195: CWE-195: Signed to Unsigned Conversion Error

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References