Vulnerabilities for Libsoup (...) - CXSECURITY.COM

Vulnerabilities for 'Libsoup'

2019-10-06

CVE-2019-17266

CWE-125

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

2018-07-05

CVE-2018-12910

CWE-125

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

2018-06-04

CVE-2018-11713

CWE-noinfo

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

2018-04-24

CVE-2017-2885

CWE-119

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

2012-08-20

CVE-2012-2132

CWE-287

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.

2011-08-31

CVE-2011-2524

CWE-22

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

>>> Vendor: Gnome 89 Products

Dwarf http server

Nautilus-python

Evolution-data-server

Ifcfg-rh plug-in

Update-manager-core

Gnome display manager

Gnome online accounts

Network manager vpnc

Gnome-system-log

Gnome-font-viewer

Evolution data server

Glib-networking

Copyright 2024, cxsecurity.com