{"id":"CVE-2017-2885","details":"An exploitable stack-based buffer overflow vulnerability exists in GNOME libsoup 2.58. A specially crafted HTTP request can overflow a stack buffer, resulting in remote code execution. An attacker can send a specially crafted HTTP request to the vulnerable server to trigger this vulnerability.","modified":"2026-05-18T05:49:39.557805478Z","published":"2018-04-24T19:29:02.783Z","related":["SUSE-SU-2017:2129-1","SUSE-SU-2017:2130-1","SUSE-SU-2018:2204-1","SUSE-SU-2018:2204-2","openSUSE-SU-2024:10994-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_desktop"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server"},{"extracted_events":[{"last_affected":"7.4"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_aus"},{"extracted_events":[{"last_affected":"7.4"},{"last_affected":"7.5"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_eus"},{"extracted_events":[{"last_affected":"7.4"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_tus"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"source":"C
PE_FIELD","vendor_product":"redhat:enterprise_linux_workstation"}]},"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/100258"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2459"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3929"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2020/Dec/3"},{"type":"EVIDENCE","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/libsoup","events":[{"introduced":"0"},{"last_affected":"c829641668d893d0136993dcc6d7e1d661dd6e39"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.58"}],"cpe":"cpe:2.3:a:gnome:libsoup:2.58:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["2.58.0","2.57.1","2.56.0","2.55.90","2.54.1","2.54.0.1","2.54.0","2.53.92","2.53.90","2.53.2","2.53.1","2.52.1","2.52.0","2.51.92","2.51.90","2.51.3","2.50.0","2.49.92","2.49.91.1","2.49.91","2.49.1","2.48.0","2.47.92","2.47.4","2.47.3","2.46.0","2.45.92","2.45.90","2.45.3","2.44.1","2.44.0","LIBSOUP_2_43_92","2.43.92","LIBSOUP_2_43_90","2.43.90","LIBSOUP_2_43_5","2.43.5","LIBSOUP_2_43_4","2.43.4","LIBSOUP_2_43_2","2.43.2","LIBSOUP_2_43_1","2.43.1","LIBSOUP_2_42_1","2.42.1","LIBSOUP_2_42_0","2.42.0","LIBSOUP_2_41_92","2.41.92","LIBSOUP_2_41_91","2.41.91","LIBSOUP_2_41_90","2.41.90","LIBSOUP_2_41_5","2.41.5","LIBSOUP_2_41_4","2.41.4","LIBSOUP_2_41_3","2.41.3","LIBSOUP_2_41_2","2.41.2","LIBSOUP_2_41_1","2.41.1","LIBSOUP_2_40_1","2.40.1","LIBSOUP_2_40_0","2.40.0","LIBSOUP_2_39_92","LIBSOUP_2_39_91","LIBSOUP_2_39_90","LIBSOUP_2_39_5","LIBSOUP_2_38_1","LIBSOUP_2_39_4_1","LIBSOUP_2_39_4","LIBSOUP_2_39_3","LIBSOUP_2_39_2","LIBSOUP_2_39_1","LIBSOUP_2_38_0","LIBSOUP_2_37_92","LIBSOUP_2_37_91","LIBSOUP_2_37_90","LIBSOUP_2_37_5","LI
BSOUP_2_37_4","LIBSOUP_2_37_3","LIBSOUP_2_37_2","LIBSOUP_2_37_1","LIBSOUP_2_36_0","LIBSOUP_2_35_92","LIBSOUP_2_35_90","LIBSOUP_2_35_4","LIBSOUP_2_35_3","LIBSOUP_2_34_1","LIBSOUP_2_34_0","LIBSOUP_2_33_92","LIBSOUP_2_33_90","LIBSOUP_2_33_6","LIBSOUP_2_33_5","LIBSOUP_2_33_4","LIBSOUP_2_32_2","LIBSOUP_2_32_1","LIBSOUP_2_32_0","LIBSOUP_2_31_92","LIBSOUP_2_31_90","LIBSOUP_2_31_6","LIBSOUP_2_30_0","LIBSOUP_2_29_91","LIBSOUP_2_29_90","LIBSOUP_2_29_6","LIBSOUP_2_29_5","LIBSOUP_2_29_3","LIBSOUP_2_28_1","LIBSOUP_2_28_0","LIBSOUP_2_27_92","LIBSOUP_2_27_91","LIBSOUP_2_27_90","LIBSOUP_2_27_5","LIBSOUP_2_27_4","LIBSOUP_2_27_2","LIBSOUP_2_27_1","LIBSOUP_2_26_1","LIBSOUP_2_26_0_9","LIBSOUP_2_26_0","LIBSOUP_2_25_91","LIBSOUP_2_25_5","LIBSOUP_2_25_4","LIBSOUP_2_25_2","LIBSOUP_2_25_1","LIBSOUP_2_24_0","LIBSOUP_2_23_92","LIBSOUP_2_23_91","LIBSOUP_2_23_6","LIBSOUP_2_23_1","LIBSOUP_2_4_1","LIBSOUP_2_4_0","LIBSOUP_2_3_4","LIBSOUP_2_3_2","LIBSOUP_2_3_0_1","LIBSOUP_2_2_103","LIBSOUP_2_2_102","LIBSOUP_2_2_101","SOUP_2_2_100","LIBSOUP_2_2_100","LIBSOUP_2_2_99","LIBSOUP_2_2_98","LIBSOUP_2_2_97","LIBSOUP_2_2_96","LIBSOUP_2_2_95_1","LIBSOUP_2_2_94","LIBSOUP_2_2_93","LIBSOUP_2_2_92","LIBSOUP_2_2_91","LIBSOUP_2_2_90_NOT_A_REAL_RELEASE","gnome-2-12-base","libsoup-pre214-branch-base","LIBSOUP_2_2_6_1","LIBSOUP_2_2_6","LIBSOUP_2_2_5","LIBSOUP_2_2_0","LIBSOUP_2_1_13","LIBSOUP_2_1_12","LIBSOUP_2_1_11","LIBSOUP_2_1_10","LIBSOUP_2_1_9","LIBSOUP_2_1_8","libsoup-hacking-branch-base","LIBSOUP_2_1_7","LIBSOUP_2_1_6","LIBSOUP_2_1_5","LIBSOUP_2_1_4","LIBSOUP_2_1_3","LIBSOUP_2_1_2","libsoup-2-0-branch-base","LIBSOUP_1_99_25","LIBSOUP_1_99_24","LIBSOUP_1_99_23","LIBSOUP_1_99_22","LIBSOUP_1_99_20","LIBSOUP_1_99_19","LIBSOUP_1_99_17","LIBSOUP_1_99_16","LIBSOUP_1_99_15","SOUP_0_6_0","SOUP_0_5","SOUP_0_4","SOUP_0_4_1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-2885.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/libsoup","even
ts":[{"introduced":"0"},{"last_affected":"c829641668d893d0136993dcc6d7e1d661dd6e39"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.58"}],"cpe":"cpe:2.3:a:gnome:libsoup:2.58:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["2.58.0","2.57.1","2.56.0","2.55.90","2.54.1","2.54.0.1","2.54.0","2.53.92","2.53.90","2.53.2","2.53.1","2.52.1","2.52.0","2.51.92","2.51.90","2.51.3","2.50.0","2.49.92","2.49.91.1","2.49.91","2.49.1","2.48.0","2.47.92","2.47.4","2.47.3","2.46.0","2.45.92","2.45.90","2.45.3","2.44.1","2.44.0","LIBSOUP_2_43_92","2.43.92","LIBSOUP_2_43_90","2.43.90","LIBSOUP_2_43_5","2.43.5","LIBSOUP_2_43_4","2.43.4","LIBSOUP_2_43_2","2.43.2","LIBSOUP_2_43_1","2.43.1","LIBSOUP_2_42_1","2.42.1","LIBSOUP_2_42_0","2.42.0","LIBSOUP_2_41_92","2.41.92","LIBSOUP_2_41_91","2.41.91","LIBSOUP_2_41_90","2.41.90","LIBSOUP_2_41_5","2.41.5","LIBSOUP_2_41_4","2.41.4","LIBSOUP_2_41_3","2.41.3","LIBSOUP_2_41_2","2.41.2","LIBSOUP_2_41_1","2.41.1","LIBSOUP_2_40_1","2.40.1","LIBSOUP_2_40_0","2.40.0","LIBSOUP_2_39_92","LIBSOUP_2_39_91","LIBSOUP_2_39_90","LIBSOUP_2_39_5","LIBSOUP_2_38_1","LIBSOUP_2_39_4_1","LIBSOUP_2_39_4","LIBSOUP_2_39_3","LIBSOUP_2_39_2","LIBSOUP_2_39_1","LIBSOUP_2_38_0","LIBSOUP_2_37_92","LIBSOUP_2_37_91","LIBSOUP_2_37_90","LIBSOUP_2_37_5","LIBSOUP_2_37_4","LIBSOUP_2_37_3","LIBSOUP_2_37_2","LIBSOUP_2_37_1","LIBSOUP_2_36_0","LIBSOUP_2_35_92","LIBSOUP_2_35_90","LIBSOUP_2_35_4","LIBSOUP_2_35_3","LIBSOUP_2_34_1","LIBSOUP_2_34_0","LIBSOUP_2_33_92","LIBSOUP_2_33_90","LIBSOUP_2_33_6","LIBSOUP_2_33_5","LIBSOUP_2_33_4","LIBSOUP_2_32_2","LIBSOUP_2_32_1","LIBSOUP_2_32_0","LIBSOUP_2_31_92","LIBSOUP_2_31_90","LIBSOUP_2_31_6","LIBSOUP_2_30_0","LIBSOUP_2_29_91","LIBSOUP_2_29_90","LIBSOUP_2_29_6","LIBSOUP_2_29_5","LIBSOUP_2_29_3","LIBSOUP_2_28_1","LIBSOUP_2_28_0","LIBSOUP_2_27_92","LIBSOUP_2_27_91","LIBSOUP_2_27_90","LIBSOUP_2_27_5","LIBSOUP_2_27_4","LIBSOUP_2_27_2","LIBSOUP_2_27_1","LIBSOUP_2_26_1","LIBSOUP_2_26_0_9","LIBSOUP_2_26_0","LIBSOUP_2_25
_91","LIBSOUP_2_25_5","LIBSOUP_2_25_4","LIBSOUP_2_25_2","LIBSOUP_2_25_1","LIBSOUP_2_24_0","LIBSOUP_2_23_92","LIBSOUP_2_23_91","LIBSOUP_2_23_6","LIBSOUP_2_23_1","LIBSOUP_2_4_1","LIBSOUP_2_4_0","LIBSOUP_2_3_4","LIBSOUP_2_3_2","LIBSOUP_2_3_0_1","LIBSOUP_2_2_103","LIBSOUP_2_2_102","LIBSOUP_2_2_101","SOUP_2_2_100","LIBSOUP_2_2_100","LIBSOUP_2_2_99","LIBSOUP_2_2_98","LIBSOUP_2_2_97","LIBSOUP_2_2_96","LIBSOUP_2_2_95_1","LIBSOUP_2_2_94","LIBSOUP_2_2_93","LIBSOUP_2_2_92","LIBSOUP_2_2_91","LIBSOUP_2_2_90_NOT_A_REAL_RELEASE","gnome-2-12-base","libsoup-pre214-branch-base","LIBSOUP_2_2_6_1","LIBSOUP_2_2_6","LIBSOUP_2_2_5","LIBSOUP_2_2_0","LIBSOUP_2_1_13","LIBSOUP_2_1_12","LIBSOUP_2_1_11","LIBSOUP_2_1_10","LIBSOUP_2_1_9","LIBSOUP_2_1_8","libsoup-hacking-branch-base","LIBSOUP_2_1_7","LIBSOUP_2_1_6","LIBSOUP_2_1_5","LIBSOUP_2_1_4","LIBSOUP_2_1_3","LIBSOUP_2_1_2","libsoup-2-0-branch-base","LIBSOUP_1_99_25","LIBSOUP_1_99_24","LIBSOUP_1_99_23","LIBSOUP_1_99_22","LIBSOUP_1_99_20","LIBSOUP_1_99_19","LIBSOUP_1_99_17","LIBSOUP_1_99_16","LIBSOUP_1_99_15","SOUP_0_6_0","SOUP_0_5","SOUP_0_4","SOUP_0_4_1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-2885.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}