Ahmed Lekssays

**Name of the Vulnerable Software and Affected Versions** libsoup (affected versions not specified) **Description** An HTTP Request Smuggling issue exists in libsoup, an HTTP client/server library. The problem stems from non-RFC-compliant parsing within the `soup filter input stream read line()` function, specifically related to handling chunk headers. The library accepts improperly formatted chunk headers, such as those containing only a line feed (LF) character instead of the required carriage return and line feed (CRLF) sequence. An attacker can exploit this remotely without needing authentication or user interaction by sending crafted chunked requests. This allows the parsing and processing of multiple HTTP requests from a single network message, potentially resulting in information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxml2 (affected versions not specified) Red Hat Enterprise Linux versions 6 through 10 Red Hat JBoss Core Services (affected versions not specified) Red Hat OpenShift Container Platform 4 (affected versions not specified) **Description** A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. **Recommendations** For libxml2, consider disabling the `xmlBuildQName` function until a patch is available. For Red Hat Enterprise Linux versions 6 through 10, update to a version that includes the fix for this issue. For Red Hat JBoss Core Services, restrict access to the vulnerable `xmlBuildQName` function to minimize the risk of exploitation. For Red Hat OpenShift Container Platform 4, avoid using the `xmlBuildQName` function in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xmllint (affected versions not specified) **Description** A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** php7.4 php8.2 **Description:** The software contains package vulnerabilities. These issues were addressed in the php8-8.4.10-1.1 package on openSUSE Tumbleweed. **Recommendations:** Update to php8-8.4.10-1.1 on openSUSE Tumbleweed.