rpm package
suse/libsoup&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52532 | — | < 2.68.4-150200.4.3.1 | 2.68.4-150200.4.3.1 | Nov 11, 2024 | GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. | ||
| CVE-2024-52531 | — | < 2.68.4-150200.4.3.1 | 2.68.4-150200.4.3.1 | Nov 11, 2024 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co | ||
| CVE-2024-52530 | — | < 2.68.4-150200.4.3.1 | 2.68.4-150200.4.3.1 | Nov 11, 2024 | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. |
- CVE-2024-52532Nov 11, 2024affected < 2.68.4-150200.4.3.1fixed 2.68.4-150200.4.3.1
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
- CVE-2024-52531Nov 11, 2024affected < 2.68.4-150200.4.3.1fixed 2.68.4-150200.4.3.1
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the co
- CVE-2024-52530Nov 11, 2024affected < 2.68.4-150200.4.3.1fixed 2.68.4-150200.4.3.1
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.