gnome libsoup
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2708
all versions
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() functi
3.7
LOW
CVE-2026-5119
all versions
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transm
5.9
MEDIUM
CVE-2026-2436
all versions
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_di
6.5
MEDIUM
CVE-2026-2369
all versions
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leadin
6.5
MEDIUM
CVE-2026-4271
all versions
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HT
5.3
MEDIUM
CVE-2026-3634
all versions
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Li
3.9
LOW
CVE-2026-3633
all versions
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could in
3.9
LOW
CVE-2026-3632
all versions
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup do
3.9
LOW
CVE-2026-3099
all versions
A flaw was found in libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not prope
5.8
MEDIUM
CVE-2026-2443
all versions
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range
5.3
MEDIUM
CVE-2026-1801
all versions
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-complian
5.3
MEDIUM
CVE-2026-1539
all versions
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations
5.8
MEDIUM
CVE-2026-1536
all versions
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Re
5.8
MEDIUM
CVE-2026-1467
all versions
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occu
5.8
MEDIUM
CVE-2025-2784
< 3.6.5
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_white
7.0
HIGH
CVE-2024-52532
< 3.6.1
GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data
7.5
HIGH
CVE-2024-52531
< 3.6.1
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_li
6.5
MEDIUM
CVE-2024-52530
< 3.6.0
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names
7.5
HIGH
CVE-2019-17266
>= 2.65.1 and < 2.66.4
libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm
9.8
CRITICAL
CVE-2018-12910
all versions
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
9.8
CRITICAL
CVE-2018-11713
< 2.62.0
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior
6.5
MEDIUM
CVE-2017-2885
all versions
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can ca
9.8
CRITICAL
CVE-2012-2132
all versions
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allow
CVE-2011-2524
<= 2.35.3
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary f
CVE-2009-0585
all versions
Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows cont
CVE-2006-5876
all versions
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin