{"schema_version":"1.7.2","id":"OESA-2026-2666","modified":"2026-06-12T12:26:56Z","published":"2026-06-12T12:26:56Z","upstream":["CVE-2025-32049","CVE-2025-32050","CVE-2025-32051","CVE-2025-32907","CVE-2026-1760","CVE-2026-2436","CVE-2026-2708"],"summary":"libsoup3 security update","details":"Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages.\r\n\r\nSecurity Fix(es):\n\nA flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).(CVE-2025-32049)\n\nA flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.(CVE-2025-32050)\n\nA flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).(CVE-2025-32051)\n\nA flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.(CVE-2025-32907)\n\nA flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.(CVE-2026-1760)\n\nA flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.(CVE-2026-2436)\n\nA request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.(CVE-2026-2708)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"libsoup3","purl":"pkg:rpm/openEuler/libsoup3&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.5-19.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["libsoup3-3.4.5-19.oe2403sp1.aarch64.rpm","libsoup3-debuginfo-3.4.5-19.oe2403sp1.aarch64.rpm","libsoup3-debugsource-3.4.5-19.oe2403sp1.aarch64.rpm","libsoup3-devel-3.4.5-19.oe2403sp1.aarch64.rpm"],"noarch":["libsoup3-help-3.4.5-19.oe2403sp1.noarch.rpm"],"src":["libsoup3-3.4.5-19.oe2403sp1.src.rpm"],"x86_64":["libsoup3-3.4.5-19.oe2403sp1.x86_64.rpm","libsoup3-debuginfo-3.4.5-19.oe2403sp1.x86_64.rpm","libsoup3-debugsource-3.4.5-19.oe2403sp1.x86_64.rpm","libsoup3-devel-3.4.5-19.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32049"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32050"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32051"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32907"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1760"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2436"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2708"}],"database_specific":{"severity":"High"}}