PT-2017-3738 · Gnome+5 · Gnome Libsoup+5

Publicado

2017-08-02

·

Atualizado

2024-06-15

·

CVE-2017-2885

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GNOME libsoup versions 2.51.3 through 2.58
Description: A stack-based buffer overflow vulnerability exists in the GNOME libsoup library, allowing remote code execution through a specially crafted HTTP request. The vulnerability is caused by the oup body input stream read chunked function in libsoup/soup-body-input-stream.c. An attacker can exploit this issue by sending a special HTTP request to the vulnerable server, potentially leading to remote code execution or denial of service.
Recommendations: For GNOME libsoup versions 2.51.3 through 2.58, consider disabling the oup body input stream read chunked function as a temporary workaround until a patch is available. Restrict access to the vulnerable library to minimize the risk of exploitation. Avoid using the vulnerable library in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Stack Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787

Identificadores relacionados

ALT-PU-2017-2062
BDU:2019-00226
CESA-2017_2459
CVE-2017-2885
DSA-3929-1
MGASA-2017-0272
OPENSUSE-SU-2017_2153-1
OPENSUSE-SU-2018_2296-1
OPENSUSE-SU-2024:10994-1
RHSA-2017:2459
RHSA-2017_2459
SUSE-SU-2017:2129-1
SUSE-SU-2017:2130-1
SUSE-SU-2017_2129-1
SUSE-SU-2017_2130-1
SUSE-SU-2018:2204-1
SUSE-SU-2018:2204-2
SUSE-SU-2018_2204-1
SUSE-SU-2018_2204-2
USN-3383-1

Produtos afetados

Alt Linux
Centos
Gnome Libsoup
Red Hat
Suse
Ubuntu