VYPR

Libsoup

by Libsoup

CVEs (27)

  • CVE-2026-3632Mar 17, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform…

  • CVE-2026-3099Mar 12, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a…

  • CVE-2026-1801Feb 3, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters…

  • CVE-2026-1467Jan 27, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can…

  • CVE-2011-2524Aug 31, 2011
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

  • CVE-2009-0585Mar 14, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.

  • CVE-2006-5876Jan 16, 2007
    risk 0.00cvss epss 0.03

    The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.

Page 2 of 2