Search CVE reports
11 – 20 of 59 results
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsoup3 | Vulnerable | Vulnerable | Vulnerable | — | — |
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsoup3 | Vulnerable | Vulnerable | Vulnerable | — | — |
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsoup3 | Vulnerable | Vulnerable | Vulnerable | — | — |
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsoup3 | Vulnerable | Vulnerable | Vulnerable | — | — |
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations,...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Not affected | Needs evaluation | Needs evaluation | — | — |
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Not affected | Needs evaluation | Needs evaluation | — | — |
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Not affected | Needs evaluation | Needs evaluation | — | — |
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Not affected | Needs evaluation | Needs evaluation | — | — |
Some fixes available 3 of 10
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsoup3 | Not affected | Fixed | Fixed | — | — |
Some fixes available 3 of 10
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsoup3 | Not affected | Fixed | Fixed | — | — |