Fedora Account System
Red Hat Associate
Red Hat Customer
**Vulnerability Reference:** A flaw in libsoup's WebSocket implementation allows a remote attacker to trigger a denial of service (DoS) by exploiting a protocol validation failure. **Component / Vulnerable Part:** `libsoup` -> `libsoup/websocket/soup-websocket-connection.c` (Control frame parser) **Technical Analysis & Root Cause:** Per RFC 6455 ยง5.5, WebSocket control frames (PING, PONG, CLOSE) must not exceed a payload length of 125 bytes and cannot be fragmented. libsoup's frame parsing logic fails to immediately reject non-compliant control frames exceeding this limit. When an oversized control frame is received, the unexpected state disrupts the state machine or triggers an unhandled execution error, forcing the library to abruptly crash. **Impact:** A remote, unauthenticated attacker (client or server) can send a single malformed, oversized control frame to instantly terminate the connection wrapper, resulting in a remote denial of service for any application using libsoup WebSockets.