{"id":"OESA-2026-2667","summary":"libsoup3 security update","details":"Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages.\r\n\r\nSecurity Fix(es):\n\nA flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).(CVE-2025-32049)\n\nA flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.(CVE-2025-32907)\n\nA flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.(CVE-2026-2436)\n\nA request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.(CVE-2026-2708)","modified":"2026-06-12T12:45:14.815606314Z","published":"2026-06-12T12:26:59Z","upstream":["CVE-2025-32049","CVE-2025-32907","CVE-2026-2436","CVE-2026-2708"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2667"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32049"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32907"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2436"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2708"}],"affected":[{"package":{"name":"libsoup3","ecosystem":"openEuler:24.03-LTS-SP3","purl":"pkg:rpm/openEuler/libsoup3&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.5-19.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["libsoup3-3.4.5-19.oe2403sp3.aarch64.rpm","libsoup3-debuginfo-3.4.5-19.oe2403sp3.aarch64.rpm","libsoup3-debugsource-3.4.5-19.oe2403sp3.aarch64.rpm","libsoup3-devel-3.4.5-19.oe2403sp3.aarch64.rpm"],"noarch":["libsoup3-help-3.4.5-19.oe2403sp3.noarch.rpm"],"x86_64":["libsoup3-3.4.5-19.oe2403sp3.x86_64.rpm","libsoup3-debuginfo-3.4.5-19.oe2403sp3.x86_64.rpm","libsoup3-debugsource-3.4.5-19.oe2403sp3.x86_64.rpm","libsoup3-devel-3.4.5-19.oe2403sp3.x86_64.rpm"],"src":["libsoup3-3.4.5-19.oe2403sp3.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2667.json"}}],"schema_version":"1.7.5"}