CVE-2023-3635 - Denial of Service (DoS)

Severity: None2023-10-05

Abstract

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

The Oxygen products incorporate Okio as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product	Severity	Fixed Release Availability
Oxygen Content Fusion v5.1.1 and older	None	N/A

Mitigation

None

Detail

CVE-2023-3635

Severity: High

CVSS Score: 7.5

The Okio third-party library used by Oxygen XML products is an affected version mentioned in CVE-2023-3635 vulnerability description. However, since user cannot control the GZIP archive, this vulnerability does not affect Oxygen XML products.

List of Security Advisories

Oxygen XML Editor
Starting from
Academic $6/month
Personal $240
Business $942

Video Tutorials

Upcoming Events

Balisage: The Markup Conference 2024

CVE-2023-3635 - Denial of Service (DoS)

Abstract

Affected Products/Versions

Mitigation

Detail

Products

Features

Shop

Resources

Support

Company