19 matches found

CVE
added 2026/03/31 7:39 p.m. · 4 views

CVE-2026-34784

Parse Server has a vulnerability where file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators on streaming storage adapters (e.g., GridFS). This can let an attacker access files that should be protected by authorization logic. The issue is fixed in vers...

CVSS 8.2 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 5 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-10900

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00221
Exploits 0 · References 9

Tenable Nessus
added 2025/08/06 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-32907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to...

CVSS 5.3 · AI score 6.4 · EPSS 0.00221
Exploits 0 · References 2

Tenable Nessus
added 2025/07/21 12:0 a.m. · 3 views

EulerOS 2.0 SP12 : libsoup (EulerOS-SA-2025-1828)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in libsoup. A vulnerability in sniff_feed_or_html and skip_insignificant_space functions may lead to a heap buffer...

CVSS 9 · AI score 7 · EPSS 0.00986
Exploits 1 · References 17

Tenable Nessus
added 2025/05/27 12:0 a.m. · 7 views

Amazon Linux AMI : libsoup (ALAS-2025-1979)

The version of libsoup installed on the remote host is prior to 2.28.2-5.9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1979 advisory. A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This...

CVSS 9 · AI score 6.6 · EPSS 0.00393
Exploits 0 · References 12

OSV
added 2025/04/14 2:15 p.m. · 8 views

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 · AI score 6 · EPSS 0.00221
Exploits 0 · References 8

OSV
added 2025/04/14 2:15 p.m. · 4 views

AZL-60426 CVE-2025-32907 affecting package libsoup for versions less than 3.4.4-7

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 · AI score 7.2 · EPSS 0.00221
Exploits 0 · References 1

Cvelist
added 2025/04/14 2:0 p.m. · 27 views

CVE-2025-32907 Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 · EPSS 0.00221
Exploits 0 · References 8

Debian CVE
added 2025/04/14 2:0 p.m. · 14 views

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 · AI score 6.4 · EPSS 0.00221
Exploits 0

Positive Technologies
added 2024/11/28 12:0 a.m. · 5 views

PT-2025-16239 · Libsoup +9

Name of the Vulnerable Software and Affected Versions: libsoup, affected versions not specified
Description: A flaw was found in the implementation of HTTP range requests in libsoup, making it vulnerable to a resource consumption attack. This allows a malicious client to request the same range man...

CVSS 9 · AI score 6.8 · EPSS 0.70761
Exploits 3 · References 225

Tenable Nessus
added 2023/11/07 12:0 a.m. · 38 views

Rocky Linux 8 : squid:4 (RLSA-2021:4292)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4292 advisory. - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...

CVSS 7.5 · AI score 6.8 · EPSS 0.85178
Exploits 5 · References 15

OSV
added 2021/06/08 8:15 p.m. · 20 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 8

Prion
added 2021/06/08 8:15 p.m. · 61 views

Integer overflow

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

CVSS 4 · AI score 6.9 · EPSS 0.33712
Exploits 2 · References 8 · Affected Software 2

Cvelist
added 2021/06/08 12:0 a.m. · 24 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

AI score 7.2 · EPSS 0.33712
Exploits 2 · References 8

Debian CVE
added 2021/06/08 12:0 a.m. · 33 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

CVSS 6.5 · AI score 6.9 · EPSS 0.33712
Exploits 2

CVE
added 2021/06/08 12:0 a.m. · 344 views

CVE-2021-31807

CVE-2021-31807: Squid before 4.15 and 5.x before 5.0.6 suffers an integer overflow in handling HTTP Range responses, enabling a remote attacker to cause a Denial of Service. The trigger is a header that can appear in normal traffic. Affected products/versions: Squid 4.x before 4.15 and 5.x before...

CVSS 6.5 · AI score 6.8 · EPSS 0.33712
Exploits 2 · References 8 · Affected Software 1

UbuntuCve
added 2021/05/28 12:0 a.m. · 30 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

CVSS 6.5 · AI score 6.9 · EPSS 0.33712
Exploits 2 · References 3

OSV
added 2021/05/28 12:0 a.m. · 3 views

UBUNTU-CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

CVSS 6.5 · AI score 7.2 · EPSS 0.33712
Exploits 2 · References 4

Veracode
added 2021/05/14 9:8 p.m. · 31 views

Denial Of Service (DoS)

squid is vulnerable to denial of service. The vulnerability exists due to an integer overflow due to insufficient validation of user-supplied input when delivering responses from HTTP Range requests...

CVSS 6.5 · AI score 2.8 · EPSS 0.0033
Exploits 1 · References 16 · Affected Software 8