CVE-2026-2443 โ€” Out-of-bounds Read in Redhat Enterprise Linux

CWE-125 โ€” Out-of-bounds Read8 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 89.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedFeb 13

Description

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages0 packages

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-hg24-p7xv-jhq8: A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systemsโ†—2026-02-13
โ–ถ
CVEList
Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosureโ†—2026-02-13
โ–ถ
OSV
CVE-2026-2443: A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systemsโ†—2026-02-13
โ–ถ

๐Ÿ“‹Vendor Advisories

3
Red Hat
libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosureโ†—2026-02-13
โ–ถ
Microsoft
Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosureโ†—2026-02-10
โ–ถ
Debian
CVE-2026-2443: libsoup2.4 - A flaw was identified in libsoup, a widely used HTTP library in GNOME-based syst...โ†—2026
โ–ถ

๐Ÿ•ต๏ธThreat Intelligence

1
Wiz
CVE-2026-2443 Impact, Exploitability, and Mitigation Steps | Wizโ†—
โ–ถ
CVE-2026-2443 โ€” Out-of-bounds Read in Redhat | cvebase