Description
[libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libsoup3 | unfixed | | | package |
| libsoup3 | no-dsa | | trixie | package |
| libsoup3 | no-dsa | | bookworm | package |
| libsoup2.4 | removed | | | package |
| libsoup2.4 | no-dsa | | trixie | package |
| libsoup2.4 | no-dsa | | bookworm | package |
Notes
https://gitlab.gnome.org/GNOME/libsoup/-/issues/500
Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e032d3e9b0a27d10597398023532dd8f9b6654cf
Related vulnerabilities
ubuntu
about 1 month ago
[libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]
CVSS3: 3.7
redhat
about 1 month ago
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.