CVE-2026-2369
published 2026-03-19CVE-2026-2369: A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This…
critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsoup2.4 | < libsoup3 3.6.6-1 (forky) | libsoup3 3.6.6-1 (forky) |
| debian | libsoup3 | < libsoup3 3.6.6-1 (forky) | libsoup3 3.6.6-1 (forky) |
| msrc | azl3_libsoup_3.4.4-12_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-12_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv6.5MEDIUM