libsoup Multipart HTTP Message Handling Vulnerability Leading to Out-of-Bounds Read

Vulnerability

A vulnerability exists in the libsoup package due to improper verification of multipart HTTP message termination. This flaw allows remote attackers to send specially crafted multipart HTTP bodies, causing servers that use libsoup to read beyond their allocated memory limits, resulting in an out-of-bounds read.

Impact

Exploitation of this vulnerability causes an off-by-one out-of-bounds read, which can potentially lead to memory corruption or information disclosure.

Reproduction

The vulnerability can be reproduced by sending a malformed multipart HTTP message to a server that uses libsoup for handling HTTP requests. The libsoup version must be one that contains this vulnerability, and the server should be configured to process multipart messages.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 6.7
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.