Skip to main content

Red Hat CVE-2026-2443

MEDIUM
Out-of-bounds Read (CWE-125)
2026-02-13 secalert@redhat.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
5.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 20:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 13, 2026 - 12:16 nvd
MEDIUM 5.3

DescriptionCVE.org

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

AnalysisAI

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Technical ContextAI

Classified as CWE-125 (Out-of-bounds Read). A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.53 Container suse/sl-micro/6.0/toolbox:13.2-9.12 Affected
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production Affected
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed

Share

CVE-2026-2443 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy