PT-2024-10074 · Gnome+11 · Gnome Libsoup+11
Published
2024-08-27
·
Updated
2025-09-04
·
CVE-2024-52531
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GNOME libsoup versions prior to 3.6.1
Description
The issue is related to a buffer overflow in the
soup header parse param list strict() function of the GNOME libsoup library. This overflow occurs in dynamic memory and is associated with applications that perform conversion to UTF-8. Although initial reports suggested that input received over the network could not trigger this issue, further analysis indicates that it might be possible. The exploitation of this issue could allow an attacker to cause a denial of service.Recommendations
For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the
soup header parse param list strict() function until a patch is available.Exploit
Fix
DoS
Memory Corruption
Heap Based Buffer Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Gnome Libsoup
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu