CVE-2023-3635

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 12, 2023

Updated: Oct 25, 2023

CWE ID 681

CWE ID 195

Summary

CVE-2023-3635 is a denial-of-service vulnerability affecting the GzipSource class in Okio, a popular Java I/O library. The issue arises when this class encounters a malformed gzip buffer during parsing. Instead of handling the exception properly, it fails to process the input, ultimately resulting in a denial-of-service condition for the Okio client. Maliciously crafted GZIP archives can exploit this vulnerability, making it essential for users to update their Okio libraries to a patched version to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Square Up

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r91b-x
https://www.cve.org/CVERecord?id=CVE-2023-3635
https://nvd.nist.gov/vuln/detail/CVE-2023-3635

Back to Vulnerability Database

CVE-2023-3635

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations