CVE-2023-3635

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-3635
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3635.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3635
Aliases
Downstream
Related
Published
2023-07-12T19:15:08.983Z
Modified
2025-11-20T12:20:08.787975Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

References

Affected packages

Git / github.com/square/okio

Affected ranges

Type
GIT
Repo
https://github.com/square/okio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
81bce1a30af244550b0324597720e4799281da7b

Affected versions

2.*

2.2.2
2.4.1

okio-parent-0.*

okio-parent-0.5.0
okio-parent-0.6.0
okio-parent-0.6.1
okio-parent-0.7.0
okio-parent-0.8.0
okio-parent-0.9.0

okio-parent-1.*

okio-parent-1.0.0
okio-parent-1.0.1
okio-parent-1.1.0
okio-parent-1.10.0
okio-parent-1.11.0
okio-parent-1.12.0
okio-parent-1.13.0
okio-parent-1.14.0
okio-parent-1.2.0
okio-parent-1.3.0
okio-parent-1.4.0
okio-parent-1.5.0
okio-parent-1.6.0
okio-parent-1.7.0
okio-parent-1.8.0
okio-parent-1.9.0

okio-parent-2.*

okio-parent-2.0.0
okio-parent-2.0.0-RC1
okio-parent-2.1.0
okio-parent-2.2.0
okio-parent-2.2.1

parent-2.*

parent-2.3.0
parent-2.4.0
parent-2.4.3
parent-2.5.0
parent-2.6.0
parent-2.7.0
parent-2.8.0
parent-2.9.0

parent-3.*

parent-3.0.0
parent-3.0.0-alpha.1
parent-3.0.0-alpha.10
parent-3.0.0-alpha.11
parent-3.0.0-alpha.2
parent-3.0.0-alpha.3
parent-3.0.0-alpha.4
parent-3.0.0-alpha.5
parent-3.0.0-alpha.6
parent-3.0.0-alpha.7
parent-3.0.0-alpha.8
parent-3.0.0-alpha.9
parent-3.1.0
parent-3.2.0
parent-3.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3635.json"