Search CVE reports
21 – 30 of 34 results
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
2 affected packages
libsoup3, libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup3 | Fixed | Fixed | Not in release | — |
| libsoup2.4 | Not affected | Not affected | Not affected | Not affected |
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
2 affected packages
libsoup3, libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup3 | Fixed | Fixed | Not in release | — |
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
2 affected packages
libsoup3, libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup3 | Vulnerable | Vulnerable | Not in release | — |
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP...
2 affected packages
libsoup3, libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup3 | Fixed | Fixed | Not in release | — |
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
2 affected packages
libsoup3, libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup3 | Fixed | Fixed | Not in release | — |
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type...
2 affected packages
libsoup3, libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup3 | Fixed | Fixed | Not in release | — |
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a...
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
| libsoup3 | Fixed | Fixed | Not in release | — |
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
1 affected package
libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup2.4 | — | — | — | Fixed |
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
1 affected package
libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup2.4 | — | — | — | Fixed |
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request...
1 affected package
libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsoup2.4 | — | — | — | — |