libsoup HTTP Request Smuggling Vulnerability

Vulnerability

An HTTP request smuggling vulnerability has been identified in libsoup, an HTTP client/server library. The issue stems from non-RFC-compliant parsing in the chunked transfer encoding parser, specifically in the soup_filter_input_stream_read_line() function. Libsoup improperly accepts malformed chunk headers, such as those terminated by a lone line feed (LF) character instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this vulnerability without authentication or user interaction by sending specially crafted chunked requests. Exploitation causes libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure. However, the impact is limited, as the affected SoupServer component is not commonly deployed in internet-facing infrastructure.

Impact

Exploitation of this vulnerability could lead to HTTP request smuggling, allowing an attacker to manipulate how HTTP requests are processed. This could be used to bypass security mechanisms, such as firewalls, and potentially gain unauthorized access to web applications. Additionally, it could cause web cache poisoning by tricking the server into caching malicious content.

Added: Feb 3, 2026, 9:21 PM
Updated: Feb 3, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 6.8
remediation: 0.0
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.