Search for packages
| purl | pkg:deb/debian/libsoup3@3.2.3-0%2Bdeb12u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vz1-x5py-dkg5
Aliases: CVE-2026-1539 |
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. |
Affected by 0 other vulnerabilities. |
|
VCID-3zqd-pcvp-a7ed
Aliases: CVE-2026-1760 |
libsoup: SoupServer: Denial of Service via HTTP request smuggling |
Affected by 0 other vulnerabilities. |
|
VCID-4scr-ppqy-5ugf
Aliases: CVE-2025-32907 |
libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header |
Affected by 12 other vulnerabilities. |
|
VCID-6sbg-fgfs-43b6
Aliases: CVE-2026-2443 |
libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure |
Affected by 0 other vulnerabilities. |
|
VCID-7hhg-3u9v-nqfw
Aliases: CVE-2025-4945 |
libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup |
Affected by 12 other vulnerabilities. |
|
VCID-9uua-rxjd-fkf6
Aliases: CVE-2025-4969 |
libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c |
Affected by 12 other vulnerabilities. |
|
VCID-cjwc-3fs8-17ef
Aliases: CVE-2026-1801 |
libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers |
Affected by 0 other vulnerabilities. |
|
VCID-dnrq-3tff-nfc3
Aliases: CVE-2026-0716 |
libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing |
Affected by 0 other vulnerabilities. |
|
VCID-ka6q-xta6-ukdp
Aliases: CVE-2026-1761 |
libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response |
Affected by 0 other vulnerabilities. |
|
VCID-mxjn-d8v7-8ubc
Aliases: CVE-2025-12105 |
libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion |
Affected by 0 other vulnerabilities. |
|
VCID-nbx2-3qh6-tqa3
Aliases: CVE-2025-14523 |
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) |
Affected by 0 other vulnerabilities. |
|
VCID-nu2x-tpra-4few
Aliases: CVE-2026-1536 |
libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header |
Affected by 0 other vulnerabilities. |
|
VCID-rd74-1427-eybf
Aliases: CVE-2025-4948 |
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup |
Affected by 12 other vulnerabilities. |
|
VCID-sabm-gujq-j3fb
Aliases: CVE-2025-4476 |
libsoup: Null pointer dereference in libsoup may lead to Denial Of Service |
Affected by 12 other vulnerabilities. |
|
VCID-sccj-juvj-5ud5
Aliases: CVE-2026-1467 |
libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured |
Affected by 0 other vulnerabilities. |
|
VCID-tpky-j79x-pqd4
Aliases: CVE-2025-11021 |
libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library |
Affected by 0 other vulnerabilities. |
|
VCID-v11f-c1ed-j7d1
Aliases: CVE-2025-32908 |
libsoup: Denial of service on libsoup through HTTP/2 server |
Affected by 12 other vulnerabilities. |
|
VCID-vsry-jr8n-zba8
Aliases: CVE-2026-2369 |
libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources |
Affected by 0 other vulnerabilities. |
|
VCID-yx68-81fu-ffar
Aliases: CVE-2025-32914 |
libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
Affected by 12 other vulnerabilities. |
|
VCID-zhp7-2ks9-m7es
Aliases: CVE-2025-32913 |
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header |
Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||