VYPR

Libsoup

by GNOME Foundation

CVEs (29)

  • CVE-2026-2443 | Feb 13, 2026
    risk 0.00 | cvss | epss 0.00

    A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access…

  • CVE-2026-1539 | Jan 28, 2026
    risk 0.00 | cvss | epss 0.00

    A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is…

  • CVE-2025-2784 | Apr 3, 2025
    risk 0.00 | cvss | epss 0.01

    A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

  • CVE-2024-52530 | Nov 11, 2024
    risk 0.00 | cvss | epss 0.01

    GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

  • CVE-2024-52532 | Nov 11, 2024
    risk 0.00 | cvss | epss 0.01

    GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients.

  • CVE-2024-52531 | Nov 11, 2024
    risk 0.00 | cvss | epss 0.01

    GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the…

  • CVE-2019-17266 | Oct 6, 2019
    risk 0.00 | cvss | epss 0.03

    libsoup from version 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

  • CVE-2012-2132 | Aug 20, 2012
    risk 0.00 | cvss | epss 0.02

    libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection.

  • CVE-2011-2524 | Aug 31, 2011
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

Page 2 of 2