CVE-2023-3635

Okio Signed to Unsigned Conversion Error vulnerability

Description

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Java

Publish Date

July 12, 2023

Modified Date

February 16, 2024

Score Vector

Affected Versions