Fedora Account System
Red Hat Associate
Red Hat Customer
Vulnerability Reference: An out-of-bounds (OOB) read flaw was discovered in libsoup's multipart input streaming parser, allowing a remote attacker to trigger a crash or potentially expose sensitive memory contents. Component / Vulnerable Part: libsoup -> Multipart handling engine (libsoup/soup-multipart-input-stream.c -> soup_multipart_input_stream_read_headers()) Technical Analysis & Root Cause: When an application utilizing a SoupSession parses a multipart MIME message response, it invokes soup_multipart_input_stream_read_headers() to extract contextual block structures. A validation vulnerability exists where the logic fails to enforce strict length limits on the incoming boundary string delimiter. If a malicious remote endpoint supplies an exceptionally large multipart boundary string, the internal memory pointer indexing calculations drift past the expected buffer boundaries, triggering an out-of-bounds read operation on the heap or stack layout. Impact: A remote, unauthenticated attacker serving a malformed multipart HTTP payload can cause the application process to terminate unexpectedly (Denial of Service) via a segmentation fault or glean layout information from adjacent memory locations.