PT-2026-57999 · Red Hat · Red Hat Enterprise Linux 10
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-12478
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L |
The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted unmasked frame with a payload length near UINT64 MAX to trigger an OOB read in a libsoup-based client when max incoming payload size is set to 0.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Enterprise Linux 10