CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17266
https://notcve.org/view.php?id=CVE-2019-17266
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. libsoup desde las versiones 2.65.1 hasta 2.68.1 presenta una lectura excesiva de búfer en la región heap de la memoria porque la función soup_ntlm_parse_challenge() en el archivo soup-auth-ntlm.c no comprueba apropiadamente la longitud de un mensaje NTLM antes del procesamiento con una memcpy. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912 https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad https://gitlab.gnome.org/GNOME/libsoup/issues/173 https://security-tracker.debian.org/tracker/CVE-2019-17266 https://usn.ubuntu.com/4152-1 https://www.mail-archive.com/debian-bugs-dist%40lists.debian. • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-12910 – libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames
https://notcve.org/view.php?id=CVE-2018-12910
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. La función get_cookies en soup-cookie-jar.c en libsoup 2.63.2 permite que los atacantes provoquen un impacto no especificado mediante un nombre de host vacío. An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047 https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f https://gitlab.gnome.org/GNOME/libsoup/issues/3 https://lists.debian.org/debian-lts-announce/2018/07/msg00007. • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11713 – webkitgtk: WebSockets don't use system proxy settings
https://notcve.org/view.php?id=CVE-2018-11713
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp en el backend de red de WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.0 o sin libsoup 2.62.0, falló inesperadamente a la hora de emplear las opciones de proxy del sistema para las conexiones WebSocket. Como resultado, los usuarios pueden perder su anonimato mediante sitios web manipulados a los que se accede a través de una conexión WebSocket. • https://bugs.webkit.org/show_bug.cgi?id=126384 https://security.gentoo.org/glsa/201808-04 https://trac.webkit.org/changeset/228088/webkit https://access.redhat.com/security/cve/CVE-2018-11713 https://bugzilla.redhat.com/show_bug.cgi?id=1588739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 3CVE-2017-2885 – libsoup: Stack based buffer overflow with HTTP Chunked Encoding
https://notcve.org/view.php?id=CVE-2017-2885
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en pila en GNOME libsoup 2.58. Una petición HTTP especialmente manipulada puede provocar un desbordamiento de pila que daría lugar a la ejecución remota de código. • http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html http://seclists.org/fulldisclosure/2020/Dec/3 http://www.securityfocus.com/bid/100258 https://access.redhat.com/errata/RHSA-2017:2459 https://www.debian.org/security/2017/dsa-3929 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392 https://access.redhat.com/security/cve/CVE-2017-2885 https://bugzilla.redhat.com/show_bug.cgi?id=1479281 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2132
https://notcve.org/view.php?id=CVE-2012-2132
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. libsoup v2.32.2 y anteriores no valida los certificados o elimina el indicador de 'confiable' cuando el archivo ssl-ca-file no existe, lo que permite a atacantes remotos evitar la autenticación mediante el uso de una conexión SSL. • http://www.openwall.com/lists/oss-security/2012/04/24/13 http://www.openwall.com/lists/oss-security/2012/04/24/3 http://www.openwall.com/lists/oss-security/2012/04/30/7 http://www.openwall.com/lists/oss-security/2012/05/02/8 http://www.securityfocus.com/bid/53232 https://bugzilla.gnome.org/show_bug.cgi?id=666280 https://exchange.xforce.ibmcloud.com/vulnerabilities/75167 • CWE-287: Improper Authentication •