CVE-2019-17266

Published: Oct 6, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.gnome.org/GNOME/libsoup/issues/173

x_refsource_MISC

https://security-tracker.debian.org/tracker/CVE-2019-17266

x_refsource_MISC

https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab

x_refsource_MISC

https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md

x_refsource_MISC

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912

x_refsource_MISC

https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html

x_refsource_MISC

https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad

x_refsource_MISC

USN-4152-1

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-17266

Description

Affected Products

References