CVE-2017-2885
Description
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.547
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| HTTP client/server library for GNOME (USN-3383-1) libsoup2.4-1_2.44.2-1ubuntu2.3_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup2.4-1_2.44.2-1ubuntu2.3_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup2.4-1_2.52.2-1ubuntu0.3_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup2.4-1_2.52.2-1ubuntu0.3_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup2.4-1_2.56.0-2ubuntu0.1_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup2.4-1_2.56.0-2ubuntu0.1_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) gir1.2-soup-2.4_2.44.2-1ubuntu2.3_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) gir1.2-soup-2.4_2.44.2-1ubuntu2.3_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) gir1.2-soup-2.4_2.52.2-1ubuntu0.3_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) gir1.2-soup-2.4_2.52.2-1ubuntu0.3_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) gir1.2-soup-2.4_2.56.0-2ubuntu0.1_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) gir1.2-soup-2.4_2.56.0-2ubuntu0.1_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup-gnome2.4-1_2.44.2-1ubuntu2.3_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup-gnome2.4-1_2.44.2-1ubuntu2.3_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup-gnome2.4-1_2.52.2-1ubuntu0.3_amd64.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup-gnome2.4-1_2.52.2-1ubuntu0.3_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup-gnome2.4-1_2.56.0-2ubuntu0.1_i386.deb | Linux |
| HTTP client/server library for GNOME (USN-3383-1) libsoup-gnome2.4-1_2.56.0-2ubuntu0.1_amd64.deb | Linux |
| (RHSA-2017:2459) Important: libsoup security update libsoup-2.56.0-4.el7_4.i686.rpm | Linux |
| (RHSA-2017:2459) Important: libsoup security update libsoup-2.56.0-4.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2459) Important: libsoup security update libsoup-devel-2.56.0-4.el7_4.i686.rpm | Linux |
| (RHSA-2017:2459) Important: libsoup security update libsoup-devel-2.56.0-4.el7_4.x86_64.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) libsoup-2_4-1-2.62.2-5.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) libsoup-2_4-1-32bit-2.62.2-5.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) libsoup-2_4-1-debuginfo-2.62.2-5.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) libsoup-debugsource-2.62.2-5.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) libsoup-lang-2.62.2-5.7.1.noarch.rpm | Linux |
| SUSE-SU-2018:2204-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-Soup-2_4-2.62.2-5.7.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoup-2_4-1-2.54.1-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoup-2_4-1-32bit-2.54.1-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoup-2_4-1-debuginfo-2.54.1-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoup-2_4-1-debuginfo-32bit-2.54.1-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoup-debugsource-2.54.1-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoup-lang-2.54.1-5.3.1.noarch.rpm | Linux |
| SUSE-SU-2017:2129-1(SUSE Linux Enterprise Desktop 12-SP2 ) typelib-1_0-Soup-2_4-2.54.1-5.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234