How severe is CVE-2023-3635?

CVE-2023-3635 has a CVSS v3 score of 5.9 (MEDIUM).

CVE-2023-3635

Name: okio
Author: squareup

5.9MEDIUM

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using

Published: 7/12/2023Updated: 11/21/2024

Description

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

AI AnalysisPowered by AI

Affected Products

squareupokio

References

https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
Patch
https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/
ExploitPatchThird Party Advisory
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
Patch
https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/
ExploitPatchThird Party Advisory