View all vulnerabilities

CVE-2023-3635

Okio Signed to Unsigned Conversion Error vulnerability

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
5.8
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
com.squareup.okio:okio >= 2.0.0-RC1 < 3.4.0; com.squareup.okio:okio < 1.17.6; com.squareup.okio:okio-jvm >= 2.0.0-RC1 < 3.4.0
Severity
Medium
Ecosystem
Publish Date
July 12, 2023
Modified Date
February 16, 2024