Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : libsoup3 vulnerabilities (USN-7127-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7127-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52530) It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-52531) It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-52532) Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More