CVE
GHSA-w33c-445m-f8w7
Okio Signed to Unsigned Conversion Error vulnerability
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
Package Versions Affected
Package Version
patch Availability
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
5.9
-
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Related Resources
No items found.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-3635, https://github.com/square/okio/pull/1280, https://github.com/square/okio/pull/1334, https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b, https://github.com/square/okio/commit/b4fa875dc24950680c386e4b1c593660ce4f7839, https://github.com/square/okio, https://github.com/square/okio/blob/master/CHANGELOG.md#version-1176, https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195
Basic Information
Ecosystem
