Описание
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| plucky | not-affected | code not present |
| questing | not-affected | code not present |
| upstream | needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.6.5-6 |
| esm-apps/jammy | released | 3.0.7-0ubuntu1+esm6 |
| jammy | needed | |
| noble | released | 3.4.4-5ubuntu0.6 |
| plucky | released | 3.6.5-1ubuntu0.3 |
| questing | released | 3.6.5-4ubuntu0.1 |
| upstream | needed |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion
A flaw was found in the asynchronous message queue handling of the lib ...
EPSS
7.5 High
CVSS3