Search CVE reports



1 – 9 of 9 results


CVE-2024-52532

Medium priority

Some fixes available 8 of 9

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients.

2 affected packages

libsoup2.4, libsoup3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4 Fixed Fixed Fixed Fixed Needs evaluation
libsoup3 Fixed Fixed Not in release

CVE-2024-52531

Medium priority

Some fixes available 8 of 9

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.

2 affected packages

libsoup2.4, libsoup3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4 Fixed Fixed Fixed Fixed Needs evaluation
libsoup3 Fixed Fixed Not in release

CVE-2024-52530

Medium priority

Some fixes available 7 of 8

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a...

2 affected packages

libsoup2.4, libsoup3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4 Fixed Fixed Fixed Fixed Needs evaluation
libsoup3 Fixed Fixed Not in release

CVE-2019-17266

Medium priority
Fixed

libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

1 affected package

libsoup2.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4 Fixed Not affected

CVE-2018-12910

Medium priority
Fixed

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

1 affected package

libsoup2.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4 Fixed Fixed

CVE-2017-2885

High priority
Fixed

An exploitable stack-based buffer overflow vulnerability exists in GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request...

1 affected package

libsoup2.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4 Fixed

CVE-2012-2132

Medium priority
Ignored

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection.

1 affected package

libsoup2.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup2.4

CVE-2011-2524

Medium priority

Some fixes available 3 of 5

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

2 affected packages

libsoup, libsoup2.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup
libsoup2.4

CVE-2009-0585

Medium priority
Fixed

Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64...

2 affected packages

libsoup, libsoup2.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsoup
libsoup2.4