
5331 matches found

Microsoft CVE
added 2024/11/20 8:0 a.m., 2 views

GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.

...

7.5 CVSS, 7.5 AI score, 0.00933 EPSS
Exploits: 0
Tenable Nessus
added 2024/11/20 12:0 a.m., 8 views

Cross-Site WebSocket Hijacking

HTML5 WebSockets allow developers to create bi-directional communication channels between clients, usually web browsers, and servers. To initialize the communication, the WebSocket protocol requires a handshake performed with the HTTP protocol to upgrade the communication. When a web application...

7.4 AI score
Exploits: 0, References: 2
OSV
added 2024/11/19 4:0 p.m., 23 views

RLSA-2024:9573 Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

7.5 CVSS, 7.8 AI score, 0.00933 EPSS
Exploits: 1, References: 3
Rockylinux
added 2024/11/19 4:0 p.m., 25 views

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libsoup packages provide an HTTP client and server library for GNOME...

7.5 CVSS, 6.8 AI score, 0.00933 EPSS
Exploits: 1
Oracle linux
added 2024/11/18 12:0 a.m., 280 views

libsoup security update

2.72.0-8.el95.2 - Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data - Resolves: RHEL-67068 2.72.0-8.el95.1 - Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Resolves: RHEL-67080...

7.5 CVSS, 7 AI score, 0.00933 EPSS
Exploits: 1
OSV
added 2024/11/15 12:20 p.m., 10 views

OESA-2024-2405 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6 CVSS, 6.8 AI score, 0.99999 EPSS
Exploits: 20, References: 8
OSV
added 2024/11/15 12:20 p.m., 10 views

OESA-2024-2404 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6 CVSS, 6.8 AI score, 0.99999 EPSS
Exploits: 20, References: 8
OSV
added 2024/11/15 12:20 p.m., 10 views

OESA-2024-2403 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6 CVSS, 6.8 AI score, 0.99999 EPSS
Exploits: 20, References: 8
OSV
added 2024/11/15 12:19 p.m., 8 views

OESA-2024-2402 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6 CVSS, 6.8 AI score, 0.99999 EPSS
Exploits: 20, References: 8
GithubExploit
added 2024/11/14 12:2 a.m., 165 views

Exploit for Origin Validation Error in Jenkins

Jenkins CLI Websocket Hijacking - PoC A proof of concept cross...

8.8 CVSS, 8.7 AI score, 0.66921 EPSS
Exploits: 1
OSV
added 2024/11/13 11:15 p.m., 8 views

CVE-2024-40404

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established...

9.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2024/11/13 6:22 p.m., 4 views

libsoup: infinite loop while reading websocket data

A flaw was found in Libsoup. The soup_websocket_connection_read function uses a loop that reads incoming WebSocket data via the glib library. This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from...

7.5 CVSS, 7.3 AI score, 0.00933 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2024/11/13 3:31 p.m., 36 views

libsoup: infinite loop while reading websocket data

A flaw was found in Libsoup. The soup_websocket_connection_read function uses a loop that reads incoming WebSocket data via the glib library. This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from...

7.5 CVSS, 7.3 AI score, 0.00933 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2024/11/13 3:31 p.m., 25 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5 CVSS, 6.8 AI score, 0.00933 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2024/11/13 3:49 a.m., 2 views

SUSE CVE-2024-52532

GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients...

7.5 CVSS, 7 AI score, 0.00933 EPSS
Exploits: 0, References: 16
Positive Technologies
added 2024/11/13 12:0 a.m., 4 views

PT-2024-28830 · Cybele · Thinfinity Workspace

Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113 Description: The issue is related to an access control problem in the API endpoint where Web Sockets connections are established. Recommendations: For versions prior to 7.0.2.11...

9.8 CVSS, 7.1 AI score, 0.00445 EPSS
Exploits: 0, References: 5
Oracle linux
added 2024/11/13 12:0 a.m., 285 views

libsoup security update

2.62.3-6 - Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Backport upstream patch for CVE-2024-52530 - infinite loop while reading websocket data - Resolves: RHEL-67076 - Resolves: RHEL-67067...

7.5 CVSS, 7 AI score, 0.00933 EPSS
Exploits: 1
CNNVD
added 2024/11/13 12:0 a.m., 3 views

Cybele Software Thinfinity Workspace security vulnerability

Cybele Software Thinfinity Workspace is an integrated solution for virtualizing applications, desktops, data and accessing any host from a unified portal from Cybele Software, USA. A security vulnerability exists in Cybele Software Thinfinity Workspace prior to v7.0.2.113 that stems from an acces...

9.8 CVSS, 6.7 AI score, 0.00445 EPSS
Exploits: 0, References: 2
AlmaLinux
added 2024/11/13 12:0 a.m., 22 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

7.5 CVSS, 6.8 AI score, 0.00933 EPSS
Exploits: 1, References: 6
AlmaLinux
added 2024/11/13 12:0 a.m., 21 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

7.5 CVSS, 6.8 AI score, 0.00933 EPSS
Exploits: 1, References: 6