2427896 – (CVE-2026-0716) CVE-2026-0716 libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing

Bug 2427896 (CVE-2026-0716) - CVE-2026-0716 libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing

Summary: CVE-2026-0716 libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing

Keywords:
Status:	NEW
Alias:	CVE-2026-0716
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2427900 2427901 2427902 2427903 2427904 2427905
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-08 11:52 UTC by OSIDB Bzimport
Modified:	2026-01-08 12:09 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-08 11:52:27 UTC

An out-of-bounds read vulnerability exists in the process_frame() function of libsoup’s SoupWebSocketConnection. When max_incoming_payload_size is explicitly set to 0, improper bounds handling allows the function to read beyond the allocated buffer while processing WebSocket frames. This condition can lead to memory disclosure or application instability. Exploitation requires a non-default configuration and a remote attacker capable of sending crafted WebSocket frames.

Note You need to log in before you can comment on or make changes to this bug.