CVE-2023-3782: DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response
Frequently Asked Questions
What is the severity of CVE-2023-3782?
The severity of CVE-2023-3782 is medium, with a severity value of 5.9.
How does CVE-2023-3782 impact the OkHttp client?
CVE-2023-3782 can cause a Denial of Service (DoS) for the OkHttp client when using a BrotliInterceptor and accessing a malicious web server or when a Brotli zip-bomb is injected into an HTTP response via a Man-in-the-Middle (MitM) attack.
What software is affected by CVE-2023-3782?
The Squareup Okhttp-brotli library is affected by CVE-2023-3782.
How can the CVE-2023-3782 vulnerability be fixed?
To fix CVE-2023-3782, it is recommended to update to a version of Squareup Okhttp-brotli that includes the necessary security patches.
Where can I find more information about CVE-2023-3782?
You can find more information about CVE-2023-3782 at the following references: [1](https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/) [2](https://github.com/square/okhttp/issues/7738)