5 matches found
CVE-2025-2784
CVE-2025-2784 affects the libsoup library (GNOME HTTP client/server). A heap buffer over-read/over-run vulnerability is reported in the content sniffing path, notably in skip_insignificant_space (and related sniffing functions), allowing an out-of-bounds read on crafted responses. Connected advis...
CVE-2024-52531
Summary (CVE-2024-52531 in libsoup): GNOME libsoup versions before 3.6.1 are affected. The issue is a buffer overflow in applications that perform UTF-8 conversion in soup_header_parse_param_list_strict, with a plausible remote trigger via soup_message_headers_get_content_type. This can lead to m...
CVE-2018-11713
CVE-2018-11713 concerns WebKitGTK's WebKit Libsoup network backend. WebCore/SocketStreamHandleImplSoup.cpp could fail to use system proxy settings for WebSocket connections in WebKitGTK+ builds prior to 2.20.0 or when libsoup 2.62.0 is not present. This could allow a crafted web page to deanonymi...
CVE-2024-52532
CVE-2024-52532 affects GNOME libsoup; versions before 3.6.1 have an infinite loop when processing certain WebSocket data, causing memory exhaustion and potential denial of service. Multiple connected advisories corroborate the issue and indicate upgrading to libsoup 3.6.1 or newer as remediation....
CVE-2024-52530
CVE-2024-52530 affects GNOME libsoup (libsoup) prior to 3.6.0, where HTTP header parsing ignores trailing null characters in header names, causing a potential HTTP request smuggling vulnerability via a header like Transfer-Encoding\0: chunked. Connected documents confirm the issue across multiple...