Description
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, "Transfer-Encoding: chunked" is equivalent to "Transfer-Encoding\x00: chunked". This issue allows request smuggling when Libsoup is used in a service behind a reverse proxy that forwards null bytes without stripping them.
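As an added example (not libsoup's code), the check below validates a header field name as a byte buffer with an explicit length against the RFC 7230 token characters, beside a lenient variant that reproduces the described behaviour by letting the embedded NUL terminate the name; the sample lines are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 7230 "tchar": the only bytes permitted in a header field name. */
static bool is_tchar(uint8_t c)
{
    if (c == '\0')
        return false;                 /* strchr() would otherwise match the terminator */
    if (isalnum(c))
        return true;
    return strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* Strict: every one of the `len` bytes must be a tchar. Passing the length
 * explicitly means an embedded NUL is a byte to reject, not end-of-string. */
bool header_name_is_valid(const uint8_t *name, size_t len)
{
    if (len == 0)
        return false;
    for (size_t i = 0; i < len; i++)
        if (!is_tchar(name[i]))
            return false;
    return true;
}

/* Strict parse of one raw field line (without CRLF): split at the first ':'
 * and validate the name part over its full byte length. */
bool header_line_is_valid(const uint8_t *line, size_t len)
{
    const uint8_t *colon = memchr(line, ':', len);
    if (colon == NULL)
        return false;
    return header_name_is_valid(line, (size_t)(colon - line));
}

/* Lenient, for contrast: the name is copied into a C string and measured
 * with strlen(), so "Transfer-Encoding\0" is seen as "Transfer-Encoding". */
bool header_line_lenient(const uint8_t *line, size_t len)
{
    const uint8_t *colon = memchr(line, ':', len);
    char name[128];
    size_t n;
    if (colon == NULL || (n = (size_t)(colon - line)) >= sizeof name)
        return false;
    memcpy(name, line, n);
    name[n] = '\0';
    return header_name_is_valid((const uint8_t *)name, strlen(name));
}
```

Calling both functions on the 27-byte constructed line "Transfer-Encoding\0: chunked" shows the difference: the strict check rejects it, the lenient check accepts it as a valid Transfer-Encoding header.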
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libsoup3 | Not affected | ||
Red Hat Enterprise Linux 6 | libsoup | Out of support scope | ||
Red Hat Enterprise Linux 7 Extended Lifecycle Support | libsoup | Fixed | RHSA-2024:9654 | 14.11.2024 |
Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2024:9573 | 13.11.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | libsoup | Fixed | RHSA-2024:9501 | 13.11.2024 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2024:9566 | 13.11.2024 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libsoup | Fixed | RHSA-2024:9566 | 13.11.2024 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libsoup | Fixed | RHSA-2024:9566 | 13.11.2024 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2024:9525 | 13.11.2024 |
Additional information
Status:
CVSS3: 7.5 High