GNOME libsoup
cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*
- 54f94536b7edafb8a2d0640516838b11987b5b6c
A use-after-free vulnerability has been identified in libsoup, specifically within its HTTP/2 server implementation. This flaw allows remote attackers to cause authentication failures by sending specially crafted HTTP/2 requests. The vulnerability arises in the 'on_frame_recv_callback()' function, where the server processes HTTP/2 frames. If a user-defined signal handler disconnects the client during this process, the associated 'SoupServerMessageIOHTTP2' object may be freed while still in use, leading to a heap use-after-free condition. Consequently, this can cause application crashes or instability, creating a denial-of-service situation.
Exploitation of this vulnerability causes a heap-use-after-free condition, where the application attempts to access memory that has already been freed. This can lead to memory corruption, allowing for potential arbitrary code execution, or causing the application to crash, exit, or restart. Additionally, the use-after-free may be exploited to execute unauthorized code or commands, particularly if the freed memory is manipulated before being reclaimed.
The vulnerability can be reproduced by setting up a libsoup HTTP/2 server and disconnecting the client connection during the 'on_frame_recv_callback()' execution. This can be achieved by sending an HTTP/2 request that triggers an authentication failure, causing the server to disconnect the client before the callback completes. The use-after-free can be verified by compiling the server with AddressSanitizer enabled, which will detect the memory access violation.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.