2573 matches found
SUSE-SU-2026:2702-1 Security update for libsoup
This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in the asynchronous message queue handling of the libsoup library, which is widely used by GNOME and WebKit-based applications for managing HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed...
Astra Linux – Vulnerability in libsoup2.4, libsoup3
A flaw was discovered in the cookie parsing logic of the libsoup HTTP library, which is used in GNOME applications and other software. The vulnerability arises when processing the expiration dates of cookies, where a specially crafted value can trigger an integer overflow. This may lead to...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, resulting in a buffer overread. This can allow an attacker to potentially access sensitive information or cause a denial of service at the application level...
OESA-2026-2719 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...
OESA-2026-2718 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...
OESA-2026-2717 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...
Oracle Linux 9 : libsoup (ELSA-2026-19356)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19356 advisory. - Backport patch for CVE-2026-5119 - Backport patch for CVE-2026-1761 - Backport patch for CVE-2026-0719 - Backport patch for CVE-2025-14523 Tenable has...
CVE-2026-12549
The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...
CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
ROOT-OS-DEBIAN-13-CVE-2026-5119 CVE-2026-5119 in rootio-libsoup3 - Patched by Root
Root has patched CVE-2026-5119 in the rootio-libsoup3 package for Root:Debian:13. Multiple fixed versions available...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user with respect to the original host that issued the redirect...
Astra Linux – Vulnerability in libsoup2.4
A use-after-free vulnerability was discovered in libsoup, within the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
Astra Linux – Vulnerability in libsoup2.4
GNOME libsoup before version 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in the soupheaderparseparamliststrict function. There is a plausible way to exploit this vulnerability remotely through the soupmessageheadersgetcontenttype function for example, an...
SUSE SLED15 / SLES15 Security Update : libsoup (SUSE-SU-2026:2314-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2314-1 advisory. This update for libsoup fixes the following issues - CVE-2026-1801: HTTP Request Smuggling in...
OESA-2026-2618 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...
OESA-2026-2617 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...
OESA-2026-2616 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...
OESA-2026-2615 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...
EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...