PT-2024-35360 · Gnome+11 · Gnome Libsoup+11

Published 2024-06-08 · Updated 2025-09-03 · CVE-2024-52530

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

GNOME libsoup versions prior to 3.6.0

Description

The issue allows HTTP request smuggling in some configurations because '0' characters at the end of header names are ignored. For example, a "Transfer-Encoding0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

Recommendations

For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of headers with '0' characters at the end of their names to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

ALSA-2024:9559
ALSA-2024:9573
ALT-PU-2025-8157
ALT-PU-2025-8699
AZL-53036
AZL-53159
BDU:2025-06566
CESA-2024_9573
CVE-2024-52530
DLA-3992-1
INFSA-2024_9559
INFSA-2024_9573
MGASA-2024-0382
OESA-2024-2471
OESA-2024-2531
OPENSUSE-SU-2024:14489-1
OPENSUSE-SU-2024_4290-1
OPENSUSE-SU-2024_4349-1
OPENSUSE-SU-2024_4352-1
OPENSUSE-SU-2024_4355-1
RHSA-2024:9501
RHSA-2024:9524
RHSA-2024:9525
RHSA-2024:9559
RHSA-2024:9566
RHSA-2024:9570
RHSA-2024:9572
RHSA-2024:9573
RHSA-2024:9576
RHSA-2024:9654
RHSA-2024_9559
RHSA-2024_9573
RLSA-2024:9559
RLSA-2024:9573
ROSA-SA-2025-2558
SUSE-SU-2024:4290-1
SUSE-SU-2024:4349-1
SUSE-SU-2024:4352-1
SUSE-SU-2024:4355-1
SUSE-SU-2024:4365-1
SUSE-SU-2024_4290-1
SUSE-SU-2024_4349-1
SUSE-SU-2024_4352-1
SUSE-SU-2024_4355-1
SUSE-SU-2024_4365-1
SUSE-SU-2025:1518-1
SUSE-SU-2025:20105-1
SUSE-SU-2025:20252-1
SUSE-SU-2025_1518-1
USN-7126-1
USN-7127-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Gnome Libsoup
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu