How severe is CVE-2023-3635?

CVE-2023-3635 has a CVSS v3 score of 5.9 (MEDIUM).

CVE-2023-3635

Name: okio
Author: squareup

5.9MEDIUM

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using

게시됨: 7/12/2023업데이트됨: 11/21/2024

설명

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

AI 분석AI 기반

영향받는 제품

squareupokio

참조

https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
Patch
https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/
ExploitPatchThird Party Advisory
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
Patch
https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/
ExploitPatchThird Party Advisory