Astra Linux - уязвимость в libsoup2.4

A flaw was discovered in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via improper input sanitization in the soupmessageheaderssetcontenttype function. An attacker can inject arbitrary HTTP headers and manipulate responses by supplying specially crafted values to the Content-Type header...

CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...

CVE-1999-0037

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail...

EUVD-1999-0037

Malware in sbrugna...

EUVD-2020-28586

Malware in sbrugna...

EUVD-2018-16946

Malware in sbrugna...

EUVD-1999-0393

Malware in sbrugna...

Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value

...

CLSA-2025-1750784473 libsoup: Fix of 2 CVEs

CVE-2025-32911: fix use-after-free vulnerability in soupmessageheadersgetcontentdisposition function - CVE-2025-32913: fix NULL pointer dereference in soupmessageheadersgetcontentdisposition function...

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

SUSE CVE-2025-32911

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

CVE-2025-32913

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup, which stems from a double release issue in the function soupmessageheadersgetcontentdisposition...

[SECURITY] Fedora 40 Update: perl-Email-MIME-1.954-1.fc40

This is an extension of the Email::Simple module, to handle MIME encoded messages. It takes a message as a string, splits it up into its constituent parts, and allows you access to various parts of the message. Headers are decoded from MIME encoding...

SUSE CVE-2023-24534

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

Devolutions Server 跨站脚本漏洞

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in versions of Devolutions Server prior to 2022.2, which stems from the fact that some HTML tags can be injected into the head...

CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...