311 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-15711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 5.5, which...
Linux Distros Unpatched Vulnerability : CVE-2026-15714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soupmultipartinputstreamreadheaders function...
Linux Distros Unpatched Vulnerability : CVE-2026-15712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processe...
USN-8523-1: libsoup vulnerabilities
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in information disclosure or a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04...
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in the asynchronous message queue handling of the libsoup library, which is widely used by GNOME and WebKit-based applications for managing HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed...
RHEL 9 : libsoup (RHSA-2026:22317)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22317 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...
libsoup 安全漏洞
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from an error in the unsigned-to-signed conversion in the soupbodyinputstreamreadchunked function. This vulnerability could allow remote attackers to bypass security controls by sending...
Linux Distros Unpatched Vulnerability : CVE-2026-6324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...
TencentOS Server 3: libsoup (TSSA-2026:0368)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0124: libsoup (ALINUX3-SA-2026:0124)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0124 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-5119: A flaw was found in libsoup. When...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user with respect to the original host that issued the redirect...
Astra Linux – Vulnerability in libsoup2.4
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives an HTTP response with a status code of 401 Unauthorized, which contains a specially crafted domain parameter within the WWW-Authenticate header...
Astra Linux – Vulnerability in libsoup2.4
A vulnerability was discovered in the libsoup package. This flaw arises from its failure to correctly verify the termination of multipart HTTP messages. This could allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its...
RHEL 9 : libsoup (RHSA-2026:19356)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...
libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
MiracleLinux 8 : libsoup-2.62.3-14.el8_10 (AXSA:2026-596:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-596:09 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the...
AlmaLinux 8 : libsoup (ALSA-2026:14087)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:14087 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the preceding...
MiracleLinux 9 : libsoup-2.72.0-12.el9_7.6 (AXSA:2026-573:08)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-573:08 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
CVE-2026-2708
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...