Bug 2439671 (CVE-2026-2443) - CVE-2026-2443 libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure
Keywords:
Status: NEW
Alias: CVE-2026-2443
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2439672 2439673
Blocks:
Reported: 2026-02-13 11:36 UTC by OSIDB Bzimport
Modified: 2026-02-13 11:53 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-02-13 11:36:27 UTC
Out-of-bounds read vulnerability in the handle_partial_get() function of libsoup when processing HTTP Range headers. The issue occurs because the end value of the byte range is not properly validated against the total response size. If GLib is compiled with G_DISABLE_CHECKS, the call to g_bytes_new_from_bytes() may create a slice that exceeds the bounds of the original buffer. A specially crafted HTTP request with a large range value can cause heap memory beyond the intended response body to be returned to the attacker. This vulnerability can be triggered remotely without authentication or user interaction, potentially exposing portions of server heap memory.
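
The check the description says is missing, as an added example (not libsoup's code and not its fix): an inclusive byte range is validated against the total body size with ordinary `if` statements, which stay in the binary when `g_return_val_if_fail`-style precondition macros are compiled out under G_DISABLE_CHECKS. The names `body_slice`, `range_to_slice` and `copy_range` are hypothetical, and the clamping follows the RFC 9110 rule for a last-byte position past the end of the representation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical result type: a validated window into a response body. */
typedef struct {
    size_t offset;
    size_t length;
} body_slice;

/*
 * Validate an inclusive range [start, end] ("Range: bytes=start-end")
 * against a body of total_len bytes. Returns true and fills *out only
 * when the resulting slice lies fully inside the body. These are plain
 * runtime checks, not assertion macros that a build flag can remove.
 */
bool range_to_slice(uint64_t start, uint64_t end, size_t total_len, body_slice *out)
{
    if (out == NULL || total_len == 0)
        return false;
    if (start > end)                 /* malformed range */
        return false;
    if (start >= total_len)          /* unsatisfiable: caller answers 416 */
        return false;
    if (end >= total_len)            /* clamp last-byte-pos to the final byte */
        end = total_len - 1;

    /* After clamping, end - start + 1 <= total_len, so nothing overflows. */
    out->offset = (size_t)start;
    out->length = (size_t)(end - start + 1);
    return true;
}

/* Copy the validated slice into dst; returns bytes written, 0 if rejected. */
size_t copy_range(const unsigned char *body, size_t total_len,
                  uint64_t start, uint64_t end,
                  unsigned char *dst, size_t dst_cap)
{
    body_slice s;
    if (!range_to_slice(start, end, total_len, &s) || s.length > dst_cap)
        return 0;
    for (size_t i = 0; i < s.length; i++)
        dst[i] = body[s.offset + i];
    return s.length;
}
```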

