CVE-2019-17266: Out-of-bounds Read in Libsoup

CWE-125: Out-of-bounds Read | 11 documents | 8 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 0.9% (top 23.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 6 | Latest update May 24

Description

libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD | gnome/libsoup | 2.65.1 | 2.66.4 | +1

Also affects: Ubuntu Linux 18.04, 19.04

Vulnerability Details (3)

GHSA | GHSA-wcxh-xxc8-v5j8: libsoup through 2 | 2022-05-24
OSV | CVE-2019-17266: libsoup from versions 2 | 2019-10-06
CVEList | CVE-2019-17266: libsoup from versions 2 | 2019-10-06

Vendor Advisories (3)

Ubuntu | libsoup vulnerability | 2019-10-09
Red Hat | libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c | 2019-10-06
Debian | CVE-2019-17266: libsoup2.4 - libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read bec... | 2019

Community (4)

Bugzilla | CVE-2019-17266 mingw-libsoup: libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c [fedora-all] | 2019-11-12
Bugzilla | CVE-2019-17266 mingw-libsoup: libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c [epel-7] | 2019-11-12
Bugzilla | CVE-2019-17266 libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c | 2019-11-12
Bugzilla | CVE-2019-17266 libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c [fedora-all] | 2019-11-12
CVE-2019-17266 — Out-of-bounds Read in Gnome Libsoup | cvebase