79 matches found
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...
CVE-2026-2443
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...
CVE-2026-2443
CVE-2026-2443 affects the libsoup HTTP library used in GNOME-based systems. The issue arises when processing crafted HTTP Range headers, where the library may incorrectly validate requested byte ranges, potentially allowing an out-of-bounds read via the embedded SoupServer component. The root cau...
CVE-2026-2443
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...
libsoup 缓冲区错误漏洞
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a buffer error vulnerability, which stems from improper validation when handling specially crafted HTTP Range headers. This vulnerability may lead to unexpected access to memory on the server...
Linux Distros Unpatched Vulnerability : CVE-2026-2443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005315)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005315 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the parsing of Range headers. An attacker can potentially interfere with HTTP request processing by supplying non-ASCII decimals in the header, which may lead to unexpected parser mismatches. Remediation Upgra...
Regular Expression Denial of Service (ReDoS)
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the FileResponse.parserangeheader method. An attacker can exhaust server CPU resources by sending a specially crafted HTTP Range header...
CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
EUVD-2024-0768
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-15756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide suppor...
USN-7643-1 libsoup3, libsoup2.4 vulnerabilities
Jan Różański discovered that libsoup incorrectly handled range headers in an HTTP request. An attacker could possibly use this issue to cause libsoup to consume excessive memory, resulting in a denial of service. CVE-2025-32907 Alon Zahavi discovered that libsoup incorrectly handled memory when...
CVE-2021-37253
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application...
USN-6837-2: Rack vulnerabilities
It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-25126 It was discovered that Rack...
USN-6837-2 ruby-rack vulnerabilities
It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-25126 It was discovered that Rack...
OESA-2024-1822 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
OESA-2024-1820 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
OESA-2024-1821 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...