{"id":"MGASA-2024-0382","summary":"Updated libsoup3 & libsoup packages fix security vulnerabilities","details":"GNOME libsoup before 3.6.0 allows HTTP request smuggling in some\nconfigurations because '\\0' characters at the end of header names are\nignored, i.e., a \"Transfer-Encoding\\0: chunked\" header is treated the\nsame as a \"Transfer-Encoding: chunked\" header. (CVE-2024-52530)\nGNOME libsoup before 3.6.1 allows a buffer overflow in applications that\nperform conversion to UTF-8 in soup_header_parse_param_list_strict.\nInput received over the network cannot trigger this. (CVE-2024-52531)\nGNOME libsoup before 3.6.1 has an infinite loop, and memory consumption.\nduring the reading of certain patterns of WebSocket data from clients.\n(CVE-2024-52532)\n","modified":"2026-01-31T15:50:07.097726Z","published":"2024-11-29T23:36:19Z","related":["CVE-2024-52530","CVE-2024-52531","CVE-2024-52532"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0382.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33765"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/11/09/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/11/12/8"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7126-1"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7127-1"}],"affected":[{"package":{"name":"libsoup3","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libsoup3?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.2-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0382.json"}},{"package":{"name":"libsoup","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libsoup?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.74.3-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0382.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}