Gnome

Libsoup

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.33%
  • Veröffentlicht 22.06.2026 13:55:06
  • Zuletzt bearbeitet 08.07.2026 15:10:43

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative...

Exploit
  • EPSS 0.32%
  • Veröffentlicht 23.04.2026 21:51:23
  • Zuletzt bearbeitet 04.05.2026 18:28:46

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or confl...

Exploit
  • EPSS 0.25%
  • Veröffentlicht 30.03.2026 05:35:57
  • Zuletzt bearbeitet 09.06.2026 10:16:44

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can ...

Exploit
  • EPSS 0.45%
  • Veröffentlicht 26.03.2026 19:31:34
  • Zuletzt bearbeitet 21.04.2026 15:48:48

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake co...

  • EPSS 0.42%
  • Veröffentlicht 19.03.2026 14:20:27
  • Zuletzt bearbeitet 28.04.2026 21:29:20

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application l...

Exploit
  • EPSS 0.83%
  • Veröffentlicht 17.03.2026 11:14:21
  • Zuletzt bearbeitet 19.05.2026 22:16:38

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause a...

Exploit
  • EPSS 0.18%
  • Veröffentlicht 17.03.2026 09:44:19
  • Zuletzt bearbeitet 19.03.2026 19:52:33

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. Th...

Exploit
  • EPSS 0.22%
  • Veröffentlicht 17.03.2026 09:44:19
  • Zuletzt bearbeitet 19.03.2026 19:53:34

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) inject...

Exploit
  • EPSS 0.21%
  • Veröffentlicht 17.03.2026 09:44:19
  • Zuletzt bearbeitet 19.03.2026 19:56:43

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker coul...

Exploit
  • EPSS 0.36%
  • Veröffentlicht 12.03.2026 13:53:48
  • Zuletzt bearbeitet 23.03.2026 14:02:25

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a rem...