VulnerableCode Package Details - pkg:deb/debian/libsoup3@3.6.6-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1vz1-x5py-dkg5	A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.	CVE-2026-1539
VCID-3zqd-pcvp-a7ed	libsoup: SoupServer: Denial of Service via HTTP request smuggling	CVE-2026-1760
VCID-6sbg-fgfs-43b6	libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure	CVE-2026-2443
VCID-cjwc-3fs8-17ef	libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers	CVE-2026-1801
VCID-dnrq-3tff-nfc3	libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing	CVE-2026-0716
VCID-ka6q-xta6-ukdp	libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response	CVE-2026-1761
VCID-mxjn-d8v7-8ubc	libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion	CVE-2025-12105
VCID-nbx2-3qh6-tqa3	libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)	CVE-2025-14523
VCID-nu2x-tpra-4few	libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header	CVE-2026-1536
VCID-sccj-juvj-5ud5	libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured	CVE-2026-1467
VCID-tpky-j79x-pqd4	libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library	CVE-2025-11021
VCID-vsry-jr8n-zba8	libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources	CVE-2026-2369

Vulnerability

Summary

Aliases

VCID-1vz1-x5py-dkg5

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

CVE-2026-1539

VCID-3zqd-pcvp-a7ed

libsoup: SoupServer: Denial of Service via HTTP request smuggling

CVE-2026-1760

VCID-6sbg-fgfs-43b6

libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure

CVE-2026-2443

VCID-cjwc-3fs8-17ef

libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers

CVE-2026-1801

VCID-dnrq-3tff-nfc3

libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing

CVE-2026-0716

VCID-ka6q-xta6-ukdp

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

CVE-2026-1761

VCID-mxjn-d8v7-8ubc

libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

CVE-2025-12105

VCID-nbx2-3qh6-tqa3

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

CVE-2025-14523

VCID-nu2x-tpra-4few

libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header

CVE-2026-1536

VCID-sccj-juvj-5ud5

libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured

CVE-2026-1467

VCID-tpky-j79x-pqd4

libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library

CVE-2025-11021

VCID-vsry-jr8n-zba8

libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources

CVE-2026-2369

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:46:24.295942+00:00	Debian Importer	Fixing	VCID-sccj-juvj-5ud5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:22:46.876765+00:00	Debian Importer	Fixing	VCID-1vz1-x5py-dkg5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:16:21.319769+00:00	Debian Importer	Fixing	VCID-vsry-jr8n-zba8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:14:50.700862+00:00	Debian Importer	Fixing	VCID-3zqd-pcvp-a7ed	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:43:20.342742+00:00	Debian Importer	Fixing	VCID-dnrq-3tff-nfc3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:35:35.606236+00:00	Debian Importer	Fixing	VCID-cjwc-3fs8-17ef	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:25:21.847437+00:00	Debian Importer	Fixing	VCID-6sbg-fgfs-43b6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:08:44.864790+00:00	Debian Importer	Fixing	VCID-nu2x-tpra-4few	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:58:22.527554+00:00	Debian Importer	Fixing	VCID-tpky-j79x-pqd4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:24:30.686976+00:00	Debian Importer	Fixing	VCID-mxjn-d8v7-8ubc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:16:48.827314+00:00	Debian Importer	Fixing	VCID-ka6q-xta6-ukdp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:01:09.379322+00:00	Debian Importer	Fixing	VCID-nbx2-3qh6-tqa3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:45:38.244401+00:00	Debian Importer	Fixing	VCID-sccj-juvj-5ud5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:28:12.368481+00:00	Debian Importer	Fixing	VCID-1vz1-x5py-dkg5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:23:36.877212+00:00	Debian Importer	Fixing	VCID-vsry-jr8n-zba8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:22:37.796192+00:00	Debian Importer	Fixing	VCID-3zqd-pcvp-a7ed	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:59:25.850535+00:00	Debian Importer	Fixing	VCID-dnrq-3tff-nfc3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:54:15.552848+00:00	Debian Importer	Fixing	VCID-cjwc-3fs8-17ef	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:46:53.308899+00:00	Debian Importer	Fixing	VCID-6sbg-fgfs-43b6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:34:24.292494+00:00	Debian Importer	Fixing	VCID-nu2x-tpra-4few	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:26:37.475482+00:00	Debian Importer	Fixing	VCID-tpky-j79x-pqd4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:01:07.376330+00:00	Debian Importer	Fixing	VCID-mxjn-d8v7-8ubc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:54:58.874061+00:00	Debian Importer	Fixing	VCID-ka6q-xta6-ukdp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:02:51.258537+00:00	Debian Importer	Fixing	VCID-nbx2-3qh6-tqa3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:49:54.742235+00:00	Debian Importer	Fixing	VCID-sccj-juvj-5ud5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:38:32.967170+00:00	Debian Importer	Fixing	VCID-1vz1-x5py-dkg5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:35:23.595320+00:00	Debian Importer	Fixing	VCID-vsry-jr8n-zba8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:34:32.979346+00:00	Debian Importer	Fixing	VCID-3zqd-pcvp-a7ed	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:19:23.290355+00:00	Debian Importer	Fixing	VCID-dnrq-3tff-nfc3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:15:33.773855+00:00	Debian Importer	Fixing	VCID-cjwc-3fs8-17ef	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:10:20.873710+00:00	Debian Importer	Fixing	VCID-6sbg-fgfs-43b6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:02:07.177175+00:00	Debian Importer	Fixing	VCID-nu2x-tpra-4few	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:56:48.826800+00:00	Debian Importer	Fixing	VCID-tpky-j79x-pqd4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:39:52.287813+00:00	Debian Importer	Fixing	VCID-mxjn-d8v7-8ubc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:35:57.620485+00:00	Debian Importer	Fixing	VCID-ka6q-xta6-ukdp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T17:54:29.413321+00:00	Debian Importer	Fixing	VCID-nbx2-3qh6-tqa3	https://security-tracker.debian.org/tracker/data/json	38.1.0

2026-04-16T12:46:24.295942+00:00

Debian Importer

Fixing

VCID-sccj-juvj-5ud5

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T12:22:46.876765+00:00

Debian Importer

Fixing

VCID-1vz1-x5py-dkg5

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T12:16:21.319769+00:00

Debian Importer

Fixing

VCID-vsry-jr8n-zba8

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T12:14:50.700862+00:00

Debian Importer

Fixing

VCID-3zqd-pcvp-a7ed

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T11:43:20.342742+00:00

Debian Importer

Fixing

VCID-dnrq-3tff-nfc3

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T11:35:35.606236+00:00

Debian Importer

Fixing

VCID-cjwc-3fs8-17ef

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T11:25:21.847437+00:00

Debian Importer

Fixing

VCID-6sbg-fgfs-43b6

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T11:08:44.864790+00:00

Debian Importer

Fixing

VCID-nu2x-tpra-4few

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T10:58:22.527554+00:00

Debian Importer

Fixing

VCID-tpky-j79x-pqd4

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T10:24:30.686976+00:00

Debian Importer

Fixing

VCID-mxjn-d8v7-8ubc

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T10:16:48.827314+00:00

Debian Importer

Fixing

VCID-ka6q-xta6-ukdp

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T09:01:09.379322+00:00

Debian Importer

Fixing

VCID-nbx2-3qh6-tqa3

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-13T08:45:38.244401+00:00

Debian Importer

Fixing

VCID-sccj-juvj-5ud5

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T08:28:12.368481+00:00

Debian Importer

Fixing

VCID-1vz1-x5py-dkg5

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T08:23:36.877212+00:00

Debian Importer

Fixing

VCID-vsry-jr8n-zba8

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T08:22:37.796192+00:00

Debian Importer

Fixing

VCID-3zqd-pcvp-a7ed

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T07:59:25.850535+00:00

Debian Importer

Fixing

VCID-dnrq-3tff-nfc3

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T07:54:15.552848+00:00

Debian Importer

Fixing

VCID-cjwc-3fs8-17ef

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T07:46:53.308899+00:00

Debian Importer

Fixing

VCID-6sbg-fgfs-43b6

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T07:34:24.292494+00:00

Debian Importer

Fixing

VCID-nu2x-tpra-4few

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T07:26:37.475482+00:00

Debian Importer

Fixing

VCID-tpky-j79x-pqd4

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T07:01:07.376330+00:00

Debian Importer

Fixing

VCID-mxjn-d8v7-8ubc

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T06:54:58.874061+00:00

Debian Importer

Fixing

VCID-ka6q-xta6-ukdp

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-11T18:02:51.258537+00:00

Debian Importer

Fixing

VCID-nbx2-3qh6-tqa3

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-08T19:49:54.742235+00:00

Debian Importer

Fixing

VCID-sccj-juvj-5ud5

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:38:32.967170+00:00

Debian Importer

Fixing

VCID-1vz1-x5py-dkg5

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:35:23.595320+00:00

Debian Importer

Fixing

VCID-vsry-jr8n-zba8

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:34:32.979346+00:00

Debian Importer

Fixing

VCID-3zqd-pcvp-a7ed

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:19:23.290355+00:00

Debian Importer

Fixing

VCID-dnrq-3tff-nfc3

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:15:33.773855+00:00

Debian Importer

Fixing

VCID-cjwc-3fs8-17ef

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:10:20.873710+00:00

Debian Importer

Fixing

VCID-6sbg-fgfs-43b6

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T19:02:07.177175+00:00

Debian Importer

Fixing

VCID-nu2x-tpra-4few

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T18:56:48.826800+00:00

Debian Importer

Fixing

VCID-tpky-j79x-pqd4

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T18:39:52.287813+00:00

Debian Importer

Fixing

VCID-mxjn-d8v7-8ubc

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T18:35:57.620485+00:00

Debian Importer

Fixing

VCID-ka6q-xta6-ukdp

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-04T17:54:29.413321+00:00

Debian Importer

Fixing

VCID-nbx2-3qh6-tqa3

https://security-tracker.debian.org/tracker/data/json

38.1.0