CVE-2019-17266

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

Published : 2019-10-06 22:15 Updated : 2019-10-10 15:17

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Gnome Libsoup 2.68.1 cpe:/a:gnome:libsoup:2.68.1
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Canonical Ubuntu Linux 19.04 cpe:/o:canonical:ubuntu_linux:19.04
  1. Gnome (1) Search CVE
    1. Libsoup (1) Search CVE
      1. 2.68.1
  2. Canonical (1) Search CVE
    1. Ubuntu Linux (2) Search CVE
      1. 18.04
      2. 19.04

CWE

ID Name Description Links
CWE-125 Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. CVE

History of changes

Date Event
2019-10-10 15:17
2019-10-09 19:15
2019-10-06 22:15

New CVE