PT-2009-6648 · Gnome+1 · Libsoup+1

Tomas Hoger · Published 1970-01-01 · Updated 2023-02-13 · CVE-2009-0585

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libsoup versions 2.x.x before 2.2.x
libsoup versions 2.x before 2.24

Description

The issue is an integer overflow in the soup_base64_encode function, which allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. This can lead to a loss of confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.

Recommendations

For libsoup versions 2.x.x before 2.2.x: update to version 2.2.x or later to resolve the issue.
For libsoup versions 2.x before 2.24: update to version 2.24 or later to resolve the issue.
As a temporary workaround, consider restricting access to the soup_base64_encode function until a patch is available.

Related Identifiers

BDU:2015-01325
BDU:2015-01326
BDU:2015-02179
BDU:2015-07379
BDU:2015-07380
BDU:2015-07381
BDU:2015-07382
BDU:2015-08490
BDU:2015-08491
BDU:2015-08492
BDU:2015-08493
CVE-2009-0585
DSA-1748-1
RHSA-2009:0344
RHSA-2009_0344

Affected Products

Red Hat
Libsoup