PT-2026-25895 · Libsoup · Libsoup

Fouzhe

Publicado

2026-01-01

Atualizado

2026-06-09

CVE-2026-4271

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A Use-After-Free flaw exists in the libsoup library, specifically within the HTTP/2 server implementation. A remote attacker can exploit this by sending crafted HTTP/2 requests that trigger authentication failures. This can lead to the application attempting to access freed memory, potentially causing application instability, crashes, and a Denial of Service (DoS). The vulnerability affects applications relying on libsoup for handling HTTP requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2026:15968

ALSA-2026:19143

BDU:2026-04362

CVE-2026-4271

ECHO-8792-9C43-A7BA

OPENSUSE-SU-2026:10911-1

RHSA-2026:15968

RHSA-2026:17482

RHSA-2026:19143

SUSE-SU-2026:21998-1

SUSE-SU-2026:2314-1

Produtos afetados

Libsoup

PT-2026-25895 · Libsoup · Libsoup

CVE-2026-4271

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40