A vulnerability was found in libsoup through 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. Reference: https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1705054.html https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912
Created libsoup tracking bugs for this issue: Affects: fedora-all [bug 1771294] Created mingw-libsoup tracking bugs for this issue: Affects: epel-7 [bug 1771296] Affects: fedora-all [bug 1771295]
According to upstream, this bug affects libsoup from 2.65.1 until 2.68.1 and previous versions are unaffected. First vulnerable commit is probably: https://gitlab.gnome.org/GNOME/libsoup/commit/0e7b2c1466434a992b6a387497432e1c97b6125c Which was released for the first time in libsoup 2.65.1.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17266