exploitDog

CVE-2026-3634

Published: 06 Mar 2026
Source: redhat
CVSS3: 3.9

Description

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the soup_message_headers_set_content_type() function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

Report

This MODERATE impact flaw in libsoup allows an attacker to perform HTTP header injection and response splitting. By controlling the Content-Type header value, an attacker can inject arbitrary header-value pairs due to improper input sanitization in the soup_message_headers_set_content_type() function.
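An added example, not code from Red Hat or libsoup: a caller-side check that an application could run on an untrusted Content-Type value before handing it to soup_message_headers_set_content_type(). The helper name content_type_is_safe() and the sample values are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 9110 "tchar": bytes allowed in a media type or subtype token. */
static bool is_tchar(unsigned char c)
{
    if (c >= '0' && c <= '9') return true;
    if ((c | 0x20) >= 'a' && (c | 0x20) <= 'z') return true;
    return c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* Hypothetical helper (not a libsoup API). Returns true only if the len-byte
 * value contains no CR, LF, NUL or other control byte and starts with
 * "type/subtype", optionally followed by ";"-separated parameters.
 * The explicit length lets an embedded NUL be detected instead of hidden. */
bool content_type_is_safe(const char *value, size_t len)
{
    size_t i = 0, start;

    if (value == NULL || len == 0) return false;
    for (size_t j = 0; j < len; j++) {
        unsigned char c = (unsigned char)value[j];
        if ((c < 0x20 && c != '\t') || c == 0x7f) return false;
    }
    while (i < len && is_tchar((unsigned char)value[i])) i++;
    if (i == 0 || i == len || value[i] != '/') return false;
    start = ++i;
    while (i < len && is_tchar((unsigned char)value[i])) i++;
    if (i == start) return false;
    while (i < len && (value[i] == ' ' || value[i] == '\t')) i++;
    return i == len || value[i] == ';';
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "text/html; charset=utf-8",
                              "text/plain\r\nX-Injected: 1", "text" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-5s <%zu bytes>\n",
               content_type_is_safe(samples[k], strlen(samples[k])) ? "ok" : "DROP",
               strlen(samples[k]));
    return 0;
}
```

Rejecting the value outright, instead of stripping the CR/LF bytes, keeps a malformed input from being silently turned into a different header value.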

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libsoup3 | Fix deferred | | |
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libsoup | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libsoup | Fix deferred | | |
| Red Hat Enterprise Linux 9 | libsoup | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-93
https://bugzilla.redhat.com/show_bug.cgi?id=2445129 libsoup: libsoup: HTTP header injection and response splitting via CRLF injection in Content-Type header

3.9 Low

CVSS3

Related vulnerabilities

CVSS3: 3.9
ubuntu
18 days ago

CRLF injection in soup_message_headers_set_content_type()

CVSS3: 3.9
nvd
9 days ago

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

msrc
6 days ago

Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header

CVSS3: 3.9
debian
9 days ago

A flaw was found in libsoup. An attacker controlling the value used to ...

CVSS3: 3.9
github
9 days ago

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
