rpm package
suse/libsoup&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32913 | Hig | 7.5 | < 2.62.2-5.15.1 | 2.62.2-5.15.1 | Apr 14, 2025 | A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. | |
| CVE-2025-32907 | Med | 5.3 | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Apr 14, 2025 | A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does n | |
| CVE-2025-32906 | Hig | 7.5 | < 2.62.2-5.15.1 | 2.62.2-5.15.1 | Apr 14, 2025 | A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. | |
| CVE-2025-32053 | Med | 6.5 | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | |
| CVE-2025-32052 | Med | 6.5 | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | |
| CVE-2025-32050 | Med | 5.9 | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Apr 3, 2025 | A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. | |
| CVE-2025-32049 | Hig | 7.5 | < 2.62.2-5.34.1 | 2.62.2-5.34.1 | Apr 3, 2025 | A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). | |
| CVE-2025-2784 | — | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Apr 3, 2025 | A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. | ||
| CVE-2024-52532 | — | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Nov 11, 2024 | GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. | ||
| CVE-2024-52531 | — | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Nov 11, 2024 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co | ||
| CVE-2024-52530 | — | < 2.62.2-5.12.1 | 2.62.2-5.12.1 | Nov 11, 2024 | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. |
- affected < 2.62.2-5.15.1fixed 2.62.2-5.15.1
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
- affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does n
- affected < 2.62.2-5.15.1fixed 2.62.2-5.15.1
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
- affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
- affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
- affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
- affected < 2.62.2-5.34.1fixed 2.62.2-5.34.1
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
- CVE-2025-2784Apr 3, 2025affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
- CVE-2024-52532Nov 11, 2024affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
- CVE-2024-52531Nov 11, 2024affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co
- CVE-2024-52530Nov 11, 2024affected < 2.62.2-5.12.1fixed 2.62.2-5.12.1
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Page 2 of 2