13561 2023-08-24 00:22:06 +0300 [CVE 21] okio 1.14.0 CVEs found 2023-10-20 18:01:12 +0300 1 1 2 ROSA-based products ROSA Fresh System (kernel, glibc, systemd, bash, PAM...) All All Linux RESOLVED DUPLICATE 13911 CVE-2023-3635, Normal normal --- 1 y.tumanov bugs e.kosachev s.matveev v.potapov y.tumanov 2021.1 oldest_to_newest 68928 0 y.tumanov 2023-08-24 00:22:06 +0300 Please patch CVEs for package okio version 1.14.0 INFO (CVEs are): okio 1.14.0 cves found CVE-2023-3635 Desc: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-3635 Severity: HIGH 70302 1 v.potapov 2023-10-20 18:01:12 +0300 *** This bug has been marked as a duplicate of bug 13911 ***