PT-2026-1977 · Gnome+2 · Libsoup+2

Treeplus · Published 2025-09-21 · Updated 2026-03-13 · CVE-2026-0719

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified)

Description: A flaw exists in the NTLM authentication handling of the libsoup HTTP library. An improper use of signed integers during a size calculation when processing long passwords can lead to an integer overflow. This results in incorrect memory allocation on the stack and subsequent unsafe memory copying. This can cause applications using libsoup to crash, leading to a denial-of-service condition. A local attacker can exploit a stack-based buffer overflow in the md4sum() function when NTLM authentication is enabled, potentially allowing arbitrary code execution with the privileges of the affected application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Stack Overflow


Weakness Enumeration

Related Identifiers

ALSA-2026:2182
ALSA-2026:2215
ALSA-2026:2216
BDU:2026-04957
CVE-2026-0719
ECHO-367D-D143-E023
OESA-2026-1323
OESA-2026-1324
OESA-2026-1325
OESA-2026-1326
OPENSUSE-SU-2026:10040-1
OPENSUSE-SU-2026:10041-1
OPENSUSE-SU-2026:20142-1
OPENSUSE-SU-2026:20354-1
RHSA-2026:1948
RHSA-2026:2005
RHSA-2026:2006
RHSA-2026:2007
RHSA-2026:2008
RHSA-2026:2049
RHSA-2026:2182
RHSA-2026:2214
RHSA-2026:2215
RHSA-2026:2216
RHSA-2026:2396
RHSA-2026:2402
RHSA-2026:2512
RHSA-2026:2513
RHSA-2026:2514
RHSA-2026:2528
RHSA-2026:2529
RHSA-2026:2628
SUSE-SU-2026:0151-1
SUSE-SU-2026:0211-1
SUSE-SU-2026:0253-1
SUSE-SU-2026:0257-1
SUSE-SU-2026:0258-1
SUSE-SU-2026:0265-1
SUSE-SU-2026:20205-1
SUSE-SU-2026:20212-1
SUSE-SU-2026:20245-1
SUSE-SU-2026:20360-1

Affected Products

Debian
Rocky Linux
Libsoup