Bug 2499924 (CVE-2026-15711) - CVE-2026-15711 libsoup: SoupWebsocketConnection: libsoup: WebSocket remote denial of service via oversized control frame protocol violation
Summary: CVE-2026-15711 libsoup: SoupWebsocketConnection: libsoup: WebSocket remote de...
Keywords:
Status: NEW
Alias: CVE-2026-15711
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2500545 2500546 2500547
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-14 09:53 UTC by OSIDB Bzimport
Modified: 2026-07-14 19:41 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-14 09:53:23 UTC
**Vulnerability Reference:**

A flaw in libsoup's WebSocket implementation allows a remote attacker to trigger a denial of service (DoS) by exploiting a protocol validation failure.

**Component / Vulnerable Part:**

`libsoup` -> `libsoup/websocket/soup-websocket-connection.c` (Control frame parser)

**Technical Analysis & Root Cause:**

Per RFC 6455 ยง5.5, WebSocket control frames (PING, PONG, CLOSE) must not exceed a payload length of 125 bytes and cannot be fragmented. libsoup's frame parsing logic fails to immediately reject non-compliant control frames exceeding this limit. When an oversized control frame is received, the unexpected state disrupts the state machine or triggers an unhandled execution error, forcing the library to abruptly crash.

**Impact:**

A remote, unauthenticated attacker (client or server) can send a single malformed, oversized control frame to instantly terminate the connection wrapper, resulting in a remote denial of service for any application using libsoup WebSockets.


Note You need to log in before you can comment on or make changes to this bug.