PT-2026-58725 · Red Hat · Red Hat Enterprise Linux 10+4

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-15714

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup multipart input stream read headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15714

Affected Products

Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9