PT-2017-3738 · Gnome+5 · Gnome Libsoup+5

Published

2017-08-02

·

Updated

2024-06-15

·

CVE-2017-2885

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GNOME libsoup versions 2.51.3 through 2.58
Description: A stack-based buffer overflow vulnerability exists in the GNOME libsoup library, allowing remote code execution through a specially crafted HTTP request. The vulnerability is caused by the oup body input stream read chunked function in libsoup/soup-body-input-stream.c. An attacker can exploit this issue by sending a special HTTP request to the vulnerable server, potentially leading to remote code execution or denial of service.
Recommendations: For GNOME libsoup versions 2.51.3 through 2.58, consider disabling the oup body input stream read chunked function as a temporary workaround until a patch is available. Restrict access to the vulnerable library to minimize the risk of exploitation. Avoid using the vulnerable library in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

ALT-PU-2017-2062
BDU:2019-00226
CESA-2017_2459
CVE-2017-2885
DSA-3929-1
MGASA-2017-0272
OPENSUSE-SU-2017_2153-1
OPENSUSE-SU-2018_2296-1
OPENSUSE-SU-2024:10994-1
RHSA-2017:2459
RHSA-2017_2459
SUSE-SU-2017:2129-1
SUSE-SU-2017:2130-1
SUSE-SU-2017_2129-1
SUSE-SU-2017_2130-1
SUSE-SU-2018:2204-1
SUSE-SU-2018:2204-2
SUSE-SU-2018_2204-1
SUSE-SU-2018_2204-2
USN-3383-1

Affected Products

Alt Linux
Centos
Gnome Libsoup
Red Hat
Suse
Ubuntu