Описание
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
A flaw was found in Libsoup. The soup_websocket_connection_read function uses a loop that reads incoming WebSocket data via the glib library. This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from accepting any further connections, leading to a denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libsoup3 | Not affected | ||
| Red Hat Enterprise Linux 7 | libsoup | Out of support scope | ||
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2024:9573 | 13.11.2024 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2024:9573 | 13.11.2024 |
| Red Hat Enterprise Linux 9 | libsoup | Fixed | RHSA-2024:9559 | 13.11.2024 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumptio ...
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
7.5 High
CVSS3