First published: Wed Nov 27 2024(Updated: )
It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52530) It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-52531) It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-52532)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libsoup-3.0-0 | <3.6.0-2ubuntu0.1 | 3.6.0-2ubuntu0.1 |
Ubuntu Ubuntu | =24.10 | |
All of | ||
ubuntu/libsoup-3.0-0 | <3.4.4-5ubuntu0.1 | 3.4.4-5ubuntu0.1 |
Ubuntu Ubuntu | =24.04 | |
All of | ||
ubuntu/libsoup-3.0-0 | <3.0.7-0ubuntu1+esm1 | 3.0.7-0ubuntu1+esm1 |
Ubuntu Ubuntu | =22.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)