First published: Wed Nov 27 2024(Updated: )
It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. (CVE-2024-52530) It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-52531) It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-52532)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libsoup-2.4-1 | <2.74.3-7ubuntu0.1 | 2.74.3-7ubuntu0.1 |
Ubuntu Ubuntu | =24.10 | |
All of | ||
ubuntu/libsoup-2.4-1 | <2.74.3-6ubuntu1.1 | 2.74.3-6ubuntu1.1 |
Ubuntu Ubuntu | =24.04 | |
All of | ||
ubuntu/libsoup2.4-1 | <2.74.2-3ubuntu0.1 | 2.74.2-3ubuntu0.1 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/libsoup2.4-1 | <2.70.0-1ubuntu0.1 | 2.70.0-1ubuntu0.1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/libsoup2.4-1 | <2.62.1-1ubuntu0.4+esm1 | 2.62.1-1ubuntu0.4+esm1 |
Ubuntu Ubuntu | =18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)