CVE-2011-2524 — Path Traversal in Libsoup

CWE-22 — Path Traversal9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libsoup

Timeline

PublishedAug 31

Latest updateMay 17

Description

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnome/libsoup2.35.3+73

Patches

Patch: bugzilla.gnome.org ↗Patch: bugzilla.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-xm6g-x36q-hxpx: Directory traversal vulnerability in soup-uri↗2022-05-17

▶

CVEList

CVE-2011-2524: Directory traversal vulnerability in soup-uri↗2011-08-31

▶

OSV

CVE-2011-2524: Directory traversal vulnerability in soup-uri↗2011-08-31

▶

📋Vendor Advisories

Red Hat

libsoup: SoupServer directory traversal flaw↗2011-07-28

▶

Ubuntu

libsoup vulnerability↗2011-07-28

▶

Debian

CVE-2011-2524: libsoup2.4 - Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before ...↗2011

▶

💬Community

Bugzilla

CVE-2011-2524 libsoup: SoupServer directory traversal flaw [fedora-all]↗2011-07-28

▶

Bugzilla

CVE-2011-2524 libsoup: SoupServer directory traversal flaw↗2011-07-11

▶