JFROGCVELIST:CVE-2023-3635CVE-2023-3635 Okio GzipSource unhandled exception Denial of Service
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.8%
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CNA Affected
[
{
"collectionURL": "https://mvnrepository.com",
"defaultStatus": "unaffected",
"packageName": "com.squareup.okio:okio",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0.5.0",
"versionType": "maven"
},
{
"lessThan": "1.17.6",
"status": "affected",
"version": "1.0.0",
"versionType": "maven"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "2.0.0",
"versionType": "maven"
},
{
"lessThan": "3.4.0",
"status": "affected",
"version": "3.0.0",
"versionType": "maven"
}
]
}
]Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.8%