libsoup
cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*
A vulnerability has been identified in the libsoup HTTP library, which is utilized in GNOME applications and other software. This flaw arises from an integer overflow in the cookie parsing logic, specifically when processing expiration dates. A specially crafted cookie value can trigger this overflow, leading to undefined behavior. As a result, an attacker could manipulate cookie expiration logic, causing cookies to persist longer than intended or behave unpredictably. The issue originates from inadequate validation of large integer inputs during date calculations in the cookie parsing routines.
Exploitation of this vulnerability allows for the manipulation of cookie expiration dates, potentially leading to cookies that do not expire or have erratic behavior. This can disrupt session management and security policies in applications that depend on libsoup.
Red Hat advises avoiding interactions with untrusted or compromised HTTP servers until a patched version of libsoup is available. Users should monitor for suspicious HTTP activity and apply updates as soon as a fix is released.
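The root cause described above is missing validation of large integers before date arithmetic. The following is an added illustration of the defensive pattern, not libsoup's code or its fix: every numeric date field is bounded before it is accumulated or multiplied. The function names, the split into year/month/day strings, and the accepted year range are assumptions made for this example.

```c
#include <stdint.h>

#define EXPIRY_INVALID INT64_MIN   /* hypothetical sentinel for a rejected date */

/* Parse an all-digit field into *out. Rejects empty input, non-digits,
 * and any value above max; the bound is tested before each multiply,
 * so the accumulator never overflows however long the input is. */
static int parse_bounded(const char *s, int64_t max, int64_t *out)
{
    int64_t v = 0;
    if (*s == '\0')
        return -1;
    for (; *s != '\0'; s++) {
        if (*s < '0' || *s > '9')
            return -1;
        int d = *s - '0';
        if (v > max / 10 || (v == max / 10 && d > max % 10))
            return -1;
        v = v * 10 + d;
    }
    *out = v;
    return 0;
}

/* Days since 1970-01-01 for a Gregorian date. Callers pass only the
 * validated ranges below, so every intermediate fits easily in int64_t. */
static int64_t days_from_civil(int64_t y, int64_t m, int64_t d)
{
    y -= (m <= 2);
    int64_t era = y / 400;            /* y >= 1600 here, never negative */
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Midnight UTC of the date as epoch seconds, or EXPIRY_INVALID.
 * The day is range-checked against 1..31 only, not per-month length. */
int64_t cookie_expiry_epoch(const char *year, const char *month, const char *day)
{
    int64_t y, m, d;
    if (parse_bounded(year, 9999, &y) || y < 1601 ||
        parse_bounded(month, 12, &m) || m < 1 ||
        parse_bounded(day, 31, &d) || d < 1)
        return EXPIRY_INVALID;
    return days_from_civil(y, m, d) * 86400;
}
```

A caller that receives `EXPIRY_INVALID` should treat the attribute as unparseable rather than store a computed expiry.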