First published: Mon Nov 11 2024(Updated: )
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libsoup2.4 | <=2.72.0-2<=2.74.3-1<=2.74.3-8 | |
debian/libsoup3 | <=3.2.2-2 | 3.6.1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.