HarborGuard / CVE
Back to search
HIGHCVE-2026-1761Published Modified CNA redhat

CVE-2026-1761: Libsoup: stack-based buffer overflow in libsoup multipart response parsingmultipart http response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Metrics

CVSS v3.1
8.6
Severity
HIGH
Fixed in
0:2.62.2-11.el7_9
Affected Products
32

Fix available

0:2.62.2-11.el7_90:2.62.3-1.el8_2.80:2.62.3-2.el8_4.80:2.62.3-2.el8_6.80:2.62.3-3.el8_8.80:2.62.3-13.el8_100:2.72.0-8.el9_0.90:2.72.0-8.el9_2.100:2.72.0-8.el9_4.90:2.72.0-10.el9_6.60:2.72.0-12.el9_7.50:3.6.5-3.el10_0.140:3.6.5-3.el10_1.90:3.6.5-3.el10_1.100:8.10-70:8.10-7.el8_2.10:8.10-7.el8_4.10:8.10-7.el8_6.10:8.10-7.el8_8.1sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000esha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5
Affected packages
  • Red Hat / Red Hat Enterprise Linux 10
    Fixed in 0:3.6.5-3.el10_1.9
  • Red Hat / Red Hat Enterprise Linux 10
    Fixed in 0:3.6.5-3.el10_1.10
  • Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
    Fixed in 0:3.6.5-3.el10_0.14
  • Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
    Fixed in 0:2.62.2-11.el7_9
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:8.10-7
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:2.62.3-13.el8_10
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:2.62.3-13.el8_10
  • Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
    Fixed in 0:2.62.3-1.el8_2.8
  • Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
    Fixed in 0:8.10-7.el8_2.1
  • Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
    Fixed in 0:2.62.3-2.el8_4.8
  • Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
    Fixed in 0:8.10-7.el8_4.1
  • Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
    Fixed in 0:2.62.3-2.el8_4.8
  • Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
    Fixed in 0:8.10-7.el8_4.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
    Fixed in 0:2.62.3-2.el8_6.8
  • Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
    Fixed in 0:8.10-7.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
    Fixed in 0:2.62.3-2.el8_6.8
  • Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
    Fixed in 0:8.10-7.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
    Fixed in 0:2.62.3-2.el8_6.8
  • Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
    Fixed in 0:8.10-7.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
    Fixed in 0:2.62.3-3.el8_8.8
  • Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
    Fixed in 0:8.10-7.el8_8.1
  • Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
    Fixed in 0:2.62.3-3.el8_8.8
  • Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
    Fixed in 0:8.10-7.el8_8.1
  • Red Hat / Red Hat Enterprise Linux 9
    Fixed in 0:2.72.0-12.el9_7.5
  • Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
    Fixed in 0:2.72.0-8.el9_0.9
  • Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
    Fixed in 0:2.72.0-8.el9_2.10
  • Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
    Fixed in 0:2.72.0-8.el9_4.9
  • Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
    Fixed in 0:2.72.0-10.el9_6.6
  • Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
    Fixed in sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96
  • Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
    Fixed in sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
References