| BDSA-2026-0277 |
|
High |
Jan 09, 2026 |
libsoup is vulnerable to memory corruption due to a stack-based buffer overflow from the improper handling of signed integer arithmetic. This could allow an unauthenticated remote attacker to achieve serious confidentiality, integrity and availability impacts.
|
|
| BDSA-2025-55364 |
|
High |
Dec 12, 2025 |
Libsoup is vulnerable to HTTP request smuggling due to improper header request handling. This could allow an unauthenticated remote attacker to enable cache poisoning or bypass host-based access controls when duplicate host headers are supplied.
|
|
| BDSA-2025-4910 |
|
Medium |
Jun 06, 2025 |
Libsoup is vulnerable to an out-of-bounds read due to improper verification of multipart HTTP message termination in the `find_boundary()` function within `soup-multipart.c`. This could allow an attacker to send a specially crafted multipart HTTP body, causing the server to read beyond its allocated memory boundaries, potentially leading to information leakage.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-4338 |
|
Medium |
May 20, 2025 |
Libsoup is vulnerable to denial-of-service (DoS) due to an integer underflow in the `soup_multipart_new_from_message()` function. This could allow an attacker to remotely crash applications or services relying on the library by sending specially crafted multipart HTTP messages.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-4337 |
|
Low |
May 20, 2025 |
Libsoup is vulnerable to integer overflow due to improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. This could allow an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-4293 |
|
Low |
May 19, 2025 |
Libsoup is vulnerable to denial-of-service (DoS) due to a flaw in processing the `WWW-Authenticate` header. This could allow an attacker to crash the client application by sending a specifically crafted `401 Unauthorized` HTTP response with a malformed domain parameter.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-3636 |
|
Low |
May 01, 2025 |
Libsoup is vulnerable to improper handling of case sensitivity due to a flaw in its cookie domain validation functionality. This could allow an attacker to set cookies for public suffix domains they do not own, potentially leading to integrity issues such as session fixation.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-3153 |
|
Medium |
Apr 15, 2025 |
Libsoup is vulnerable to denial of service due to insufficient validation of HTTP/2 pseudo-header values `:scheme`, `:authority`, and `:path`. This could allow an attacker to crash the server by sending a malicious HTTP request.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-3152 |
|
Medium |
Apr 15, 2025 |
Libsoup is vulnerable to a null pointer dereference due to a flaw in the `sniff_mp4` function within the `SoupContentSniffer` component. This could allow an attacker to cause the libsoup client to crash by sending a malicious HTTP response.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
| BDSA-2025-3150 |
|
Medium |
Apr 15, 2025 |
Libsoup is vulnerable to an out-of-bounds read due to a flaw in the `soup_multipart_new_from_message()` function. This could allow an attacker to induce the libsoup server to read memory outside of its intended bounds, potentially leading to a crash or unauthorized access to sensitive information.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|