libsoup Heap Buffer Over-Read Vulnerability

A heap buffer over-read vulnerability has been identified in the libsoup library, specifically in the content sniffer functions 'sniff_feed_or_html()' and 'skip_insignificant_space()'. This vulnerability allows libsoup clients to read out-of-bounds data in response to a crafted HTTP response from an HTTP server. The issue arises from improper handling of certain HTML content, which can be exploited to access memory beyond the intended buffer limits.

Impact

Exploitation of this vulnerability can lead to heap buffer over-reads, where a program reads more data from a buffer than it should, potentially allowing for memory corruption or information disclosure.

Reproduction

The vulnerability can be reproduced by using a libsoup client to send a request to an HTTP server that responds with a specially crafted HTML payload. This payload should be designed to exploit the content sniffer's 'sniff_feed_or_html()' function, causing the client to read out-of-bounds data.

Remediation

Users can apply the latest libsoup update available through the Red Hat Enterprise Linux 8 or 9 channels to address this vulnerability.