Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-3634

Опубликовано: 17 мар. 2026
Источник: debian

Описание

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsoup3unfixedpackage
libsoup3no-dsatrixiepackage
libsoup3no-dsabookwormpackage
libsoup2.4removedpackage
libsoup2.4no-dsatrixiepackage
libsoup2.4no-dsabookwormpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2445129

  • https://gitlab.gnome.org/GNOME/libsoup/-/issues/485

  • Duplicate/Overlapping issue: https://gitlab.gnome.org/GNOME/libsoup/-/issues/486

Связанные уязвимости

ubuntu логотип

CVE-2026-3634

CVSS3: 3.9
ubuntu
18 дней назад

CRLF injection in soup_message_headers_set_content_type()

redhat логотип

CVE-2026-3634

CVSS3: 3.9
redhat
20 дней назад

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

nvd логотип

CVE-2026-3634

CVSS3: 3.9
nvd
9 дней назад

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

msrc логотип

CVE-2026-3634

msrc
6 дней назад

Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header

github логотип

GHSA-jx6g-363c-pprr

CVSS3: 3.9
github
9 дней назад

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.