Red Hat Security Advisory: libsoup security update
Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, used in Red Hat Enterprise Linux 8. The first vulnerability (CVE-2024-52532) causes an infinite loop when reading websocket data. The second vulnerability (CVE-2024-52530) allows HTTP request smuggling by stripping null bytes from the ends of header names. Red Hat has released an important security update addressing these issues in libsoup version 2.62.3-6.el8_10 for multiple architectures. Users of affected Red Hat Enterprise Linux 8 versions should apply the update to mitigate these vulnerabilities.
AI Analysis
Technical Summary
The libsoup library, which provides HTTP client and server functionality for GNOME, contains two security flaws. CVE-2024-52532 is an infinite loop vulnerability triggered during websocket data processing. CVE-2024-52530 is an HTTP request smuggling vulnerability caused by improper handling of null bytes at the ends of HTTP header names. These vulnerabilities have been fixed in Red Hat Enterprise Linux 8 by updating libsoup to version 2.62.3-6.el8_10. The update is available for multiple architectures including x86_64, s390x, ppc64le, and aarch64. Red Hat rates the security impact as Important and provides detailed update instructions in their advisory RHSA-2024:9573.
Potential Impact
Successful exploitation of CVE-2024-52532 could cause an infinite loop when libsoup processes websocket data, potentially leading to denial of service. CVE-2024-52530 enables HTTP request smuggling by stripping null bytes from header names, which could allow attackers to interfere with HTTP request parsing and potentially bypass security controls or cause unexpected behavior. Both vulnerabilities affect applications using libsoup on Red Hat Enterprise Linux 8. The overall security impact is rated Important by Red Hat.
Mitigation Recommendations
Red Hat has released an official security update fixing these vulnerabilities in libsoup version 2.62.3-6.el8_10 for Red Hat Enterprise Linux 8. Users should apply this update promptly following Red Hat's published guidance at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the official patch. Patch status is confirmed as fixed in the updated libsoup packages provided by Red Hat.
Red Hat Security Advisory: libsoup security update
Description
Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, used in Red Hat Enterprise Linux 8. The first vulnerability (CVE-2024-52532) causes an infinite loop when reading websocket data. The second vulnerability (CVE-2024-52530) allows HTTP request smuggling by stripping null bytes from the ends of header names. Red Hat has released an important security update addressing these issues in libsoup version 2.62.3-6.el8_10 for multiple architectures. Users of affected Red Hat Enterprise Linux 8 versions should apply the update to mitigate these vulnerabilities.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The libsoup library, which provides HTTP client and server functionality for GNOME, contains two security flaws. CVE-2024-52532 is an infinite loop vulnerability triggered during websocket data processing. CVE-2024-52530 is an HTTP request smuggling vulnerability caused by improper handling of null bytes at the ends of HTTP header names. These vulnerabilities have been fixed in Red Hat Enterprise Linux 8 by updating libsoup to version 2.62.3-6.el8_10. The update is available for multiple architectures including x86_64, s390x, ppc64le, and aarch64. Red Hat rates the security impact as Important and provides detailed update instructions in their advisory RHSA-2024:9573.
Potential Impact
Successful exploitation of CVE-2024-52532 could cause an infinite loop when libsoup processes websocket data, potentially leading to denial of service. CVE-2024-52530 enables HTTP request smuggling by stripping null bytes from header names, which could allow attackers to interfere with HTTP request parsing and potentially bypass security controls or cause unexpected behavior. Both vulnerabilities affect applications using libsoup on Red Hat Enterprise Linux 8. The overall security impact is rated Important by Red Hat.
Mitigation Recommendations
Red Hat has released an official security update fixing these vulnerabilities in libsoup version 2.62.3-6.el8_10 for Red Hat Enterprise Linux 8. Users should apply this update promptly following Red Hat's published guidance at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the official patch. Patch status is confirmed as fixed in the updated libsoup packages provided by Red Hat.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:9573
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-52532"]
- Cvss Version
- null
Threat ID: 6a3da1eb4853345fc183027f
Added to database: 06/25/2026, 21:47:23 UTC
Last enriched: 06/25/2026, 22:38:59 UTC
Last updated: 06/26/2026, 19:21:50 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.