Libsoup HTTP Library Cookie Date Handling Vulnerability Leading to Out-of-Bounds Memory Read

A vulnerability has been identified in the libsoup HTTP library, which is commonly used in GNOME and other applications for web communication. The issue arises in the cookie date handling logic, where the library may read memory out of bounds when processing cookies with specially crafted expiration dates. This flaw could unintentionally disclose memory contents, potentially exposing sensitive information from the application using libsoup.

Impact

Exploitation of this vulnerability could lead to an out-of-bounds memory read, allowing for unintended disclosure of memory contents. This could include sensitive information such as cryptographic keys or personal data. Additionally, the out-of-bounds read could cause a segmentation fault, crashing the application. In some cases, the disclosed memory addresses could be used to bypass security mechanisms like Address Space Layout Randomization, improving the reliability of exploiting other vulnerabilities for code execution.