VYPR

Libsoup

by GNOME Foundation

Source repositories

CVEs (29)

  • CVE-2017-2885CriApr 24, 2018
    risk 0.66cvss 9.8epss 0.24

    An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this…

  • CVE-2018-12910CriJul 5, 2018
    risk 0.64cvss 9.8epss 0.04

    The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

  • CVE-2026-0719HigJan 8, 2026
    risk 0.56cvss 8.6epss 0.01

    A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This…

  • CVE-2025-12105HigOct 23, 2025
    risk 0.49cvss 7.5epss 0.00

    A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed…

  • CVE-2025-32049HigApr 3, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

  • CVE-2026-2436MedMar 26, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection…

  • CVE-2026-2369MedMar 19, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.

  • CVE-2025-4969MedMay 21, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read…

  • CVE-2025-32053MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

  • CVE-2025-32052MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

  • CVE-2026-5119MedMar 30, 2026
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies,…

  • CVE-2025-9901MedSep 3, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached…

  • CVE-2025-32051MedApr 3, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

  • CVE-2025-32050MedApr 3, 2025
    risk 0.38cvss 5.9epss 0.01

    A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

  • CVE-2026-4271MedMar 17, 2026
    risk 0.35cvss 5.3epss 0.01

    A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This…

  • CVE-2026-0716MedJan 13, 2026
    risk 0.31cvss 4.8epss 0.00

    A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure…

  • CVE-2025-4476MedMay 16, 2025
    risk 0.28cvss 4.3epss 0.00

    A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header.…

  • CVE-2026-2708LowApr 23, 2026
    risk 0.24cvss 3.7epss 0.00

    A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields.…

  • CVE-2026-3633Mar 17, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the…

  • CVE-2026-3634Mar 17, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for…

Page 1 of 2