Search CVE reports
1 – 9 of 9 results
CVE-2024-52532
Medium prioritySome fixes available 8 of 9
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
2 affected packages
libsoup2.4, libsoup3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2024-52531
Medium prioritySome fixes available 8 of 9
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
2 affected packages
libsoup2.4, libsoup3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2024-52530
Medium prioritySome fixes available 7 of 8
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a...
2 affected packages
libsoup2.4, libsoup3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2019-17266
Medium prioritylibsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
1 affected package
libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | — | — | — | Fixed | Not affected |
CVE-2018-12910
Medium priorityThe get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
1 affected package
libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | — | — | — | Fixed | Fixed |
CVE-2017-2885
High priorityAn exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request...
1 affected package
libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | — | — | — | — | Fixed |
CVE-2012-2132
Medium prioritylibsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
1 affected package
libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup2.4 | — | — | — | — | — |
CVE-2011-2524
Medium prioritySome fixes available 3 of 5
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
2 affected packages
libsoup, libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup | — | — | — | — | — |
libsoup2.4 | — | — | — | — | — |
CVE-2009-0585
Medium priorityInteger overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64...
2 affected packages
libsoup, libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsoup | — | — | — | — | — |
libsoup2.4 | — | — | — | — | — |