Описание
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libsoup3 | fixed | 3.6.6-1 | package | |
| libsoup3 | no-dsa | trixie | package | |
| libsoup3 | no-dsa | bookworm | package | |
| libsoup2.4 | removed | package | ||
| libsoup2.4 | no-dsa | trixie | package | |
| libsoup2.4 | no-dsa | bookworm | package |
Примечания
https://gitlab.gnome.org/GNOME/libsoup/-/issues/487
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/508
Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/b9964993a32b2fa734a6b5ba2d465c2c14e22de17 (3.6.6)
Followup: https://gitlab.gnome.org/GNOME/libsoup/-/commit/b00665d626255868ff4b6a30534f46e742478e232 (3.6.6)
EPSS
Связанные уязвимости
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
EPSS