HarborGuard / CVE
Back to search
HIGHCVE-2026-0719Published Modified CNA redhat

CVE-2026-0719: Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Metrics

CVSS v3.1
8.6
Severity
HIGH
Fixed in
0:2.62.2-11.el7_9
Affected Products
31

Fix available

0:2.62.2-11.el7_90:2.62.3-1.el8_2.80:2.62.3-2.el8_4.80:2.62.3-2.el8_6.80:2.62.3-3.el8_8.80:2.62.3-13.el8_100:2.72.0-8.el9_0.90:2.72.0-8.el9_2.100:2.72.0-8.el9_4.90:2.72.0-10.el9_6.60:2.72.0-12.el9_7.50:3.6.5-3.el10_0.140:3.6.5-3.el10_1.90:8.10-70:8.10-7.el8_2.10:8.10-7.el8_4.10:8.10-7.el8_6.10:8.10-7.el8_8.1sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472
Affected packages
  • Red Hat / Red Hat Enterprise Linux 10
    Fixed in 0:3.6.5-3.el10_1.9
  • Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
    Fixed in 0:3.6.5-3.el10_0.14
  • Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
    Fixed in 0:2.62.2-11.el7_9
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:8.10-7
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:2.62.3-13.el8_10
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:2.62.3-13.el8_10
  • Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
    Fixed in 0:2.62.3-1.el8_2.8
  • Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
    Fixed in 0:8.10-7.el8_2.1
  • Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
    Fixed in 0:2.62.3-2.el8_4.8
  • Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
    Fixed in 0:8.10-7.el8_4.1
  • Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
    Fixed in 0:2.62.3-2.el8_4.8
  • Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
    Fixed in 0:8.10-7.el8_4.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
    Fixed in 0:2.62.3-2.el8_6.8
  • Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
    Fixed in 0:8.10-7.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
    Fixed in 0:2.62.3-2.el8_6.8
  • Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
    Fixed in 0:8.10-7.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
    Fixed in 0:2.62.3-2.el8_6.8
  • Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
    Fixed in 0:8.10-7.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
    Fixed in 0:2.62.3-3.el8_8.8
  • Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
    Fixed in 0:8.10-7.el8_8.1
  • Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
    Fixed in 0:2.62.3-3.el8_8.8
  • Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
    Fixed in 0:8.10-7.el8_8.1
  • Red Hat / Red Hat Enterprise Linux 9
    Fixed in 0:2.72.0-12.el9_7.5
  • Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
    Fixed in 0:2.72.0-8.el9_0.9
  • Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
    Fixed in 0:2.72.0-8.el9_2.10
  • Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
    Fixed in 0:2.72.0-8.el9_4.9
  • Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
    Fixed in 0:2.72.0-10.el9_6.6
  • Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
    Fixed in sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96
  • Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
    Fixed in sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692
  • Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
    Fixed in sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References