VDB

GCVE-110-MAGEIA-2024-382

GCVE-110-MAGEIA-2024-382
Advisory Published
Vulnetix · Advisory published November 29, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. (CVE-2024-52530) GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this. (CVE-2024-52531) GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. (CVE-2024-52532)

Affected Products

VendorProductVersionsPlatforms
Mageialibsoup30 (affected), 3.4.2-1.1.mga9 (unaffected)
Mageialibsoup0 (affected), 2.74.3-1.1.mga9 (unaffected)

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›