Vulnerabilities > Gnome > Libsoup

DATE CVE VULNERABILITY TITLE RISK
2019-10-06 CVE-2019-17266 Out-of-bounds Read vulnerability in multiple products
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
network
low complexity
gnome canonical CWE-125
critical
9.8
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
9.8
2018-06-04 CVE-2018-11713 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections.
network
low complexity
webkitgtk gnome
6.5
2018-04-24 CVE-2017-2885 Out-of-bounds Write vulnerability in multiple products
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58.
network
low complexity
gnome debian redhat CWE-787
critical
9.8