GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Okio | Squareup | 0.5.0 (including) | 1.17.6 (excluding) |
Okio | Squareup | 2.0.0 (including) | 3.4.0 (excluding) |