INFSA-2024:9573: libsoup security update
Information about definition
Identificator: INFSA-2024:9573
Type: security
Release date: 2024-12-13 11:31:29 UTC
Information about package
The libsoup packages provide an HTTP client and server library for GNOME.
Vulnerabilities description
- CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
- CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-52530
|
no information | 7.5 | no information |
|
NIST — CVE-2024-52532
|
no information | 7.5 | no information |
Updated packages