Libsoup
CVE-2024-52532
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
AnalysisAI
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-835. GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. Affected products include: Gnome Libsoup. Version information: before 3.6.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of he
A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authenticati
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_pars
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty
libsoup versions prior to the patched release contain an integer underflow vulnerability in zero-length resource process
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKit
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, w
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today