Summary
Detail | | | |
---|---|---|---|
Vendor | Gnome | First view | 2011-08-31 |
Product | Libsoup | Last view | 2025-04-03 |
Version | 2.23.91 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:gnome:libsoup | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.5 | 2025-04-03 | CVE-2025-2784 | A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. |
9.8 | 2019-10-06 | CVE-2019-17266 | libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. |
6.5 | 2018-06-04 | CVE-2018-11713 | WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. |
5 | 2011-08-31 | CVE-2011-2524 | Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-125 | Out-of-bounds Read |
50% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74135 | libsoup SoupServer soup-uri.c HTTP Request Parsing Traversal Arbitrary File A... |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-03 | Name : Mandriva Update for libsoup MDVSA-2012:036 (libsoup) File : nvt/gb_mandriva_MDVSA_2012_036.nasl |
2012-07-09 | Name : RedHat Update for libsoup RHSA-2011:1102-01 File : nvt/gb_RHSA-2011_1102-01_libsoup.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2369-1 (libsoup2.4) File : nvt/deb_2369_1.nasl |
2011-09-27 | Name : Fedora Update for libsoup FEDORA-2011-9820 File : nvt/gb_fedora_2011_9820_libsoup_fc14.nasl |
2011-08-12 | Name : Fedora Update for libsoup FEDORA-2011-9763 File : nvt/gb_fedora_2011_9763_libsoup_fc15.nasl |
2011-08-02 | Name : Ubuntu Update for libsoup2.4 USN-1181-1 File : nvt/gb_ubuntu_USN_1181_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-08-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201808-04.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_libsoup_20120918.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_libsoup-2_4-1-110729.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_libsoup-2_4-1-110729.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-1102.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110728_libsoup_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-03-26 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-036.nasl - Type: ACT_GATHER_INFO |
2012-01-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2369.nasl - Type: ACT_GATHER_INFO |
2011-09-26 | Name: The remote Fedora host is missing a security update. File: fedora_2011-9820.nasl - Type: ACT_GATHER_INFO |
2011-08-08 | Name: The remote Fedora host is missing a security update. File: fedora_2011-9763.nasl - Type: ACT_GATHER_INFO |
2011-08-08 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_libsoup-110731.nasl - Type: ACT_GATHER_INFO |
2011-07-29 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2011-1102.nasl - Type: ACT_GATHER_INFO |
2011-07-29 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1181-1.nasl - Type: ACT_GATHER_INFO |
1999-11-05 | Name: The remote web server is affected by a directory traversal vulnerability. File: web_traversal.nasl - Type: ACT_ATTACK |