GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HSquareup Okio
APPSquareup0.5.0 – 1.17.6 (bez)2.0.0 – 3.4.0 (bez)
Related vulnerabilities
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute...
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vul...
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can inst...
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...