Libsoup GNOME Libsoup

Do you want an email whenever new security vulnerabilities are reported in GNOME Libsoup?

By the Year

In 2024 there have been 0 vulnerabilities in GNOME Libsoup . Libsoup did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 9.80
2018 3 8.70

It may take a day or so for new Libsoup vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent GNOME Libsoup Security Vulnerabilities

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read

CVE-2019-17266 9.8 - Critical - October 06, 2019

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

Out-of-bounds Read

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2

CVE-2018-12910 9.8 - Critical - July 05, 2018

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

Out-of-bounds Read

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit

CVE-2018-11713 6.5 - Medium - June 04, 2018

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58

CVE-2017-2885 9.8 - Critical - April 24, 2018

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Server Tus or by GNOME? Click the Watch button to subscribe.

GNOME
Vendor

GNOME Libsoup
Product

subscribe