Threat Intelligence Database

A security vulnerability (CVE-2024-52530) affecting the libsoup HTTP client and server library for GNOME has been identified. The issue involves HTTP request smuggling caused by the improper handling of null bytes at the ends of header names. Red Hat has issued a security advisory (RHSA-2024:9566) addressing this vulnerability with an update for Red Hat Enterprise Linux 8.4 variants. The vulnerability is rated as having an important security impact by Red Hat and is considered high severity in this analysis. No known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux 8.4 packages should apply the provided update to remediate the issue.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, used in Red Hat Enterprise Linux 8. The first vulnerability (CVE-2024-52532) causes an infinite loop when reading websocket data. The second vulnerability (CVE-2024-52530) allows HTTP request smuggling by stripping null bytes from the ends of header names. Red Hat has released an important security update addressing these issues in libsoup version 2.62.3-6.el8_10 for multiple architectures. Users of affected Red Hat Enterprise Linux 8 versions should apply the update to mitigate these vulnerabilities.

A buffer overflow vulnerability exists in the libsoup library used by GNOME, specifically in the UTF-8 conversion function soup_header_parse_param_list_strict (CVE-2024-52531). This vulnerability affects Red Hat Enterprise Linux 8.8 Extended Update Support versions. Red Hat has released an important security update to address this issue.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8. These include an integer overflow in cookie expiration date handling (CVE-2025-4945) and an out-of-bounds read in cookie date handling (CVE-2025-11021). Red Hat has issued a security advisory with updated libsoup packages to address these issues. The update is rated as important by Red Hat Product Security. Users of affected Red Hat Enterprise Linux 8 versions should apply the provided update to remediate these vulnerabilities.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, specifically an integer overflow and an out-of-bounds read in cookie expiration date handling. These issues affect Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Extended Update Support Extension 8.8. Red Hat has released updated libsoup packages to address these vulnerabilities.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, specifically an integer overflow and an out-of-bounds read in cookie expiration date handling. These issues affect Red Hat Enterprise Linux 8.4 variants. Red Hat has issued a security advisory with updated libsoup packages to address these vulnerabilities.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library used in GNOME. These include an integer overflow in cookie expiration date handling (CVE-2025-4945) and an out-of-bounds read in cookie date handling (CVE-2025-11021). Red Hat has issued an important security advisory providing updated libsoup packages to address these issues in Red Hat Enterprise Linux 8.2. The vulnerabilities relate to improper handling of cookie date values, which could potentially lead to memory corruption or other unintended behavior. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to mitigate these risks.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8. These include heap buffer over-read, denial of service via websocket server, out-of-bounds read causing process crash, and integer underflow leading to denial of service. Red Hat has issued an important security advisory with updates to address these issues.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.8 Extended Update Support. The issues include a heap buffer over-read, denial of service attacks via websocket server and integer underflow, and out-of-bounds read leading to process crashes. Red Hat has released an important security update addressing these vulnerabilities.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.6 variants. These include a heap buffer over-read, denial of service (DoS) attacks via websocket server and integer underflow, and an out-of-bounds read leading to process crashes. Red Hat has issued an important security advisory with updated libsoup packages to address these issues.