Search for packages
| purl | pkg:deb/debian/libsoup3@3.6.5-3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vz1-x5py-dkg5
Aliases: CVE-2026-1539 |
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. |
Affected by 0 other vulnerabilities. |
|
VCID-3zqd-pcvp-a7ed
Aliases: CVE-2026-1760 |
libsoup: SoupServer: Denial of Service via HTTP request smuggling |
Affected by 0 other vulnerabilities. |
|
VCID-6sbg-fgfs-43b6
Aliases: CVE-2026-2443 |
libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure |
Affected by 0 other vulnerabilities. |
|
VCID-cjwc-3fs8-17ef
Aliases: CVE-2026-1801 |
libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers |
Affected by 0 other vulnerabilities. |
|
VCID-dnrq-3tff-nfc3
Aliases: CVE-2026-0716 |
libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing |
Affected by 0 other vulnerabilities. |
|
VCID-ka6q-xta6-ukdp
Aliases: CVE-2026-1761 |
libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response |
Affected by 0 other vulnerabilities. |
|
VCID-mxjn-d8v7-8ubc
Aliases: CVE-2025-12105 |
libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion |
Affected by 0 other vulnerabilities. |
|
VCID-nbx2-3qh6-tqa3
Aliases: CVE-2025-14523 |
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) |
Affected by 0 other vulnerabilities. |
|
VCID-nu2x-tpra-4few
Aliases: CVE-2026-1536 |
libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header |
Affected by 0 other vulnerabilities. |
|
VCID-sccj-juvj-5ud5
Aliases: CVE-2026-1467 |
libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured |
Affected by 0 other vulnerabilities. |
|
VCID-tpky-j79x-pqd4
Aliases: CVE-2025-11021 |
libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library |
Affected by 0 other vulnerabilities. |
|
VCID-vsry-jr8n-zba8
Aliases: CVE-2026-2369 |
libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4scr-ppqy-5ugf | libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header |
CVE-2025-32907
|
| VCID-7hhg-3u9v-nqfw | libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup |
CVE-2025-4945
|
| VCID-9uua-rxjd-fkf6 | libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c |
CVE-2025-4969
|
| VCID-rd74-1427-eybf | libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup |
CVE-2025-4948
|
| VCID-sabm-gujq-j3fb | libsoup: Null pointer dereference in libsoup may lead to Denial Of Service |
CVE-2025-4476
|
| VCID-v11f-c1ed-j7d1 | libsoup: Denial of service on libsoup through HTTP/2 server |
CVE-2025-32908
|
| VCID-yx68-81fu-ffar | libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
CVE-2025-32914
|
| VCID-zhp7-2ks9-m7es | libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header |
CVE-2025-32913
|