Lucene search
+L

5 matches found

cve
cve
added 2025/04/03 1:40 a.m.203 views

CVE-2025-2784

CVE-2025-2784 affects the libsoup library (GNOME HTTP client/server). A heap buffer over-read/over-run vulnerability is reported in the content sniffing path, notably in skip_insignificant_space (and related sniffing functions), allowing an out-of-bounds read on crafted responses. Connected advis...

7CVSS7AI score0.00786EPSS
cve
cve
added 2024/11/11 12:0 a.m.183 views

CVE-2024-52531

Summary (CVE-2024-52531 in libsoup): GNOME libsoup versions before 3.6.1 are affected. The issue is a buffer overflow in applications that perform UTF-8 conversion in soup_header_parse_param_list_strict, with a plausible remote trigger via soup_message_headers_get_content_type. This can lead to m...

8.4CVSS7.6AI score0.00679EPSS
cve
cve
added 2018/06/04 2:0 p.m.171 views

CVE-2018-11713

CVE-2018-11713 concerns WebKitGTK's WebKit Libsoup network backend. WebCore/SocketStreamHandleImplSoup.cpp could fail to use system proxy settings for WebSocket connections in WebKitGTK+ builds prior to 2.20.0 or when libsoup 2.62.0 is not present. This could allow a crafted web page to deanonymi...

6.5CVSS7AI score0.01586EPSS
cve
cve
added 2024/11/11 12:0 a.m.171 views

CVE-2024-52532

CVE-2024-52532 affects GNOME libsoup; versions before 3.6.1 have an infinite loop when processing certain WebSocket data, causing memory exhaustion and potential denial of service. Multiple connected advisories corroborate the issue and indicate upgrading to libsoup 3.6.1 or newer as remediation....

7.5CVSS7AI score0.00933EPSS
cve
cve
added 2024/11/11 12:0 a.m.142 views

CVE-2024-52530

CVE-2024-52530 affects GNOME libsoup (libsoup) prior to 3.6.0, where HTTP header parsing ignores trailing null characters in header names, causing a potential HTTP request smuggling vulnerability via a header like Transfer-Encoding\0: chunked. Connected documents confirm the issue across multiple...

7.5CVSS6.9AI score0.00793EPSS