rpm package
opensuse/libsoup&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libsoup&distro=openSUSE%20Tumbleweed
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32049 | High | 7.5 | | < 3.6.5-13.1 | 3.6.5-13.1 | Apr 3, 2025 | A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). |
| CVE-2024-52532 | — | | | < 3.6.0-2.1 | 3.6.0-2.1 | Nov 11, 2024 | GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients. |
| CVE-2024-52531 | — | | | < 3.6.0-2.1 | 3.6.0-2.1 | Nov 11, 2024 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co |
| CVE-2011-2054 | — | | | < 2.56.0-1.1 | 2.56.0-1.1 | Feb 19, 2020 | A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities i |
| CVE-2018-12910 | — | | | < 2.72.0-2.5 | 2.72.0-2.5 | Jul 5, 2018 | The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. |
| CVE-2017-2885 | — | | | < 2.72.0-2.5 | 2.72.0-2.5 | Apr 24, 2018 | An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerab |
| CVE-2006-5876 | — | | | < 2.72.0-2.5 | 2.72.0-2.5 | Jan 16, 2007 | The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. |