Описание
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.74.3-10.1ubuntu2 |
| esm-infra/bionic | released | 2.62.1-1ubuntu0.4+esm4 |
| esm-infra/focal | not-affected | 2.70.0-1ubuntu0.5 |
| esm-infra/xenial | released | 2.52.2-1ubuntu0.3+esm3 |
| focal | released | 2.70.0-1ubuntu0.5 |
| jammy | released | 2.74.2-3ubuntu0.5 |
| noble | released | 2.74.3-6ubuntu1.5 |
| oracular | released | 2.74.3-7ubuntu0.5 |
| plucky | released | 2.74.3-10ubuntu0.3 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.6.5-1ubuntu1 |
| esm-apps/jammy | released | 3.0.7-0ubuntu1+esm4 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| noble | released | 3.4.4-5ubuntu0.4 |
| oracular | released | 3.6.0-2ubuntu0.4 |
| plucky | released | 3.6.5-1ubuntu0.1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
4.3 Medium
CVSS3
Связанные уязвимости
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
A denial-of-service vulnerability has been identified in the libsoup H ...
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
4.3 Medium
CVSS3