Libsoup
Source repositories
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2885 | Cri | 0.66 | 9.8 | 0.24 | Apr 24, 2018 | An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this… | ||
| CVE-2018-12910 | Cri | 0.64 | 9.8 | 0.04 | Jul 5, 2018 | The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | ||
| CVE-2026-0719 | Hig | 0.56 | 8.6 | 0.01 | Jan 8, 2026 | A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This… | ||
| CVE-2025-12105 | Hig | 0.49 | 7.5 | 0.00 | Oct 23, 2025 | A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed… | ||
| CVE-2025-32049 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2025 | A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). | ||
| CVE-2026-2436 | Med | 0.42 | 6.5 | 0.00 | Mar 26, 2026 | A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection… | ||
| CVE-2026-2369 | Med | 0.42 | 6.5 | 0.00 | Mar 19, 2026 | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service. | ||
| CVE-2025-4969 | Med | 0.42 | 6.5 | 0.01 | May 21, 2025 | A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read… | ||
| CVE-2025-32053 | Med | 0.42 | 6.5 | 0.01 | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | ||
| CVE-2025-32052 | Med | 0.42 | 6.5 | 0.01 | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | ||
| CVE-2026-5119 | Med | 0.38 | 5.9 | 0.00 | Mar 30, 2026 | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies,… | ||
| CVE-2025-9901 | Med | 0.38 | 5.9 | 0.00 | Sep 3, 2025 | A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached… | ||
| CVE-2025-32051 | Med | 0.38 | 5.9 | 0.00 | Apr 3, 2025 | A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). | ||
| CVE-2025-32050 | Med | 0.38 | 5.9 | 0.01 | Apr 3, 2025 | A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. | ||
| CVE-2026-4271 | Med | 0.35 | 5.3 | 0.01 | Mar 17, 2026 | A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This… | ||
| CVE-2026-0716 | Med | 0.31 | 4.8 | 0.00 | Jan 13, 2026 | A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure… | ||
| CVE-2025-4476 | Med | 0.28 | 4.3 | 0.00 | May 16, 2025 | A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header.… | ||
| CVE-2026-2708 | Low | 0.24 | 3.7 | 0.00 | Apr 23, 2026 | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields.… | ||
| CVE-2026-3633 | 0.00 | — | 0.00 | Mar 17, 2026 | A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the… | |||
| CVE-2026-3634 | 0.00 | — | 0.00 | Mar 17, 2026 | A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for… |
- risk 0.66cvss 9.8epss 0.24
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this…
- risk 0.64cvss 9.8epss 0.04
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
- risk 0.56cvss 8.6epss 0.01
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This…
- risk 0.49cvss 7.5epss 0.00
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed…
- risk 0.49cvss 7.5epss 0.01
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
- risk 0.42cvss 6.5epss 0.00
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection…
- risk 0.42cvss 6.5epss 0.00
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
- risk 0.42cvss 6.5epss 0.01
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read…
- risk 0.42cvss 6.5epss 0.01
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
- risk 0.42cvss 6.5epss 0.01
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
- risk 0.38cvss 5.9epss 0.00
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies,…
- risk 0.38cvss 5.9epss 0.00
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached…
- risk 0.38cvss 5.9epss 0.00
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
- risk 0.38cvss 5.9epss 0.01
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
- risk 0.35cvss 5.3epss 0.01
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This…
- risk 0.31cvss 4.8epss 0.00
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure…
- risk 0.28cvss 4.3epss 0.00
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header.…
- risk 0.24cvss 3.7epss 0.00
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields.…
- CVE-2026-3633Mar 17, 2026risk 0.00cvss —epss 0.00
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the…
- CVE-2026-3634Mar 17, 2026risk 0.00cvss —epss 0.00
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for…
Page 1 of 2