rpm package

opensuse/libsoup2&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Leap%2015.5

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-52532	—	< 2.74.2-150400.3.3.1	2.74.2-150400.3.3.1	Nov 11, 2024	GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVE-2024-52531	—	< 2.74.2-150400.3.3.1	2.74.2-150400.3.3.1	Nov 11, 2024	GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co
CVE-2024-52530	—	< 2.74.2-150400.3.3.1	2.74.2-150400.3.3.1	Nov 11, 2024	GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

CVE-2024-52532Nov 11, 2024
affected < 2.74.2-150400.3.3.1fixed 2.74.2-150400.3.3.1
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVE-2024-52531Nov 11, 2024
affected < 2.74.2-150400.3.3.1fixed 2.74.2-150400.3.3.1
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co
CVE-2024-52530Nov 11, 2024
affected < 2.74.2-150400.3.3.1fixed 2.74.2-150400.3.3.1
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.