Search CVE reports
1 – 10 of 59 results
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 ยง5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE)...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size,...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
Some fixes available 7 of 11
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Fixed |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending....
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
Some fixes available 6 of 9
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Fixed |
| libsoup3 | Not affected | Needs evaluation | Needs evaluation | — | — |
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libsoup3 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |