libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
Max CVSS
9.8
EPSS Score
0.53%
Published
2019-10-06
Updated
2019-11-06
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
Max CVSS
9.8
EPSS Score
0.60%
Published
2018-07-05
Updated
2019-05-08
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
Max CVSS
6.5
EPSS Score
0.13%
Published
2018-06-04
Updated
2019-10-03
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Max CVSS
9.8
EPSS Score
0.41%
Published
2018-04-24
Updated
2022-06-07
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
Max CVSS
5.0
EPSS Score
0.60%
Published
2012-08-20
Updated
2017-08-29
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
Max CVSS
5.0
EPSS Score
0.63%
Published
2011-08-31
Updated
2012-02-02
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!