924 matches found
Security update for libsoup (important)
openSUSE security update: security update for libsoup ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20186-1 Rating: important References: bsc1257440 bsc1257598 Cross-References: CVE-2026-1536 CVE-2026-1761 CVSS scores: CVE-2026-1536 SUSE : 8.6...
tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...
tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...
tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...
tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...
OPENSUSE-SU-2026:20186-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...
SUSE-SU-2026:20238-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...
SUSE-SU-2026:20339-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...
AZL-76370 CVE-2026-1536 affecting package libsoup for versions less than 3.4.4-12
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
AZL-76395 CVE-2026-1536 affecting package libsoup for versions less than 3.0.4-12
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
CVE-2026-1536
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
CVE-2026-1536
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
UBUNTU-CVE-2026-1536
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
EUVD-2026-4887
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
CVE-2026-1536
CVE-2026-1536 refers to a flaw in the libsoup HTTP library where an attacker able to control the Content-Disposition header input can inject CRLF sequences. This results in arbitrary HTTP header injection or HTTP response splitting without authentication. The connected IBM ACE bulletin documents ...
CVE-2026-1536
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
CVE-2026-1536
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
LibSoup injection vulnerability
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a vulnerability due to improper control of the Content-Disposition header, which may lead to HTTP header injection or HTTP response splitting...