CVE-2018-12910Out-of-bounds Read in Libsoup

CWE-125Out-of-bounds Read10 documents8 sources
Severity
9.8CRITICALNVD
EPSS
4.2%
top 11.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Canonical Ubuntu LinuxDebian LinuxGnome Libsoup+6 more
Timeline
PublishedJul 5
Latest updateMay 14

Description

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDgnome/libsoup2.63.2
NVDopensuse/leap15.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Openshift Container Platform 3.11

Patches

Patch: gitlab.gnome.orgPatch: gitlab.gnome.orgPatch: gitlab.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-wv8f-jq6c-45j5: The get_cookies function in soup-cookie-jar2022-05-14
CVEList
CVE-2018-12910: The get_cookies function in soup-cookie-jar2018-07-05
OSV
CVE-2018-12910: The get_cookies function in soup-cookie-jar2018-07-05

📋Vendor Advisories

3
Red Hat
libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames2018-07-03
Ubuntu
libsoup vulnerability2018-07-03
Debian
CVE-2018-12910: libsoup2.4 - The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers...2018

💬Community

3
Bugzilla
CVE-2018-12910 mingw-libsoup: libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames [fedora-all]2018-07-04
Bugzilla
CVE-2018-12910 libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames2018-07-04
Bugzilla
CVE-2018-12910 libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames [fedora-all]2018-07-04
CVE-2018-12910 — Out-of-bounds Read in Gnome Libsoup | cvebase