GNOME Libsoup
By the Year
In 2025 there has been 1 vulnerability in GNOME Libsoup with an average score of 6.5 out of ten. Last year, in 2024, Libsoup had 3 security vulnerabilities published. Right now, Libsoup is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 1 | 6.50 |
2024 | 3 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 9.80 |
2018 | 3 | 8.70 |
It may take a day or so for new Libsoup vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNOME Libsoup Security Vulnerabilities
A flaw was found in libsoup
CVE-2025-2784
6.5 - Medium
- April 03, 2025
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Out-of-bounds Read
GNOME libsoup 3.x WebSocket Infinite Loop and Memory Consumption Vulnerability
CVE-2024-52532
- November 11, 2024
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients.
GNOME libsoup Buffer Overflow Vulnerability in UTF-8 Conversion
CVE-2024-52531
- November 11, 2024
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
GNOME libsoup HTTP Request Smuggling Vulnerability in Header Parsing
CVE-2024-52530
- November 11, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read
CVE-2019-17266
9.8 - Critical
- October 06, 2019
libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
Out-of-bounds Read
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2
CVE-2018-12910
9.8 - Critical
- July 05, 2018
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
Out-of-bounds Read
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit
CVE-2018-11713
6.5 - Medium
- June 04, 2018
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58
CVE-2017-2885
9.8 - Critical
- April 24, 2018
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Memory Corruption
