Описание
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libsoup3 | unfixed | package | ||
| libsoup3 | no-dsa | bookworm | package | |
| libsoup2.4 | unfixed | package | ||
| libsoup2.4 | no-dsa | bookworm | package |
Примечания
https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408
Proposed fix adds an option with the default retaining old behaviour:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
EPSS
Связанные уязвимости
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
Уязвимость реализации протокола WebSocket библиотеки libsoup графического интерфейса GNOME, позволяющая нарушителю вызвать отказ в обслуживании
EPSS