[3.7] libsoup: Stack based buffer overflow with HTTP Chunked Encoding (CVE-2017-2885)
An exploitable stack based buffer overflow vulnerability exists in the
GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack
overflow resulting in remote code execution. An attacker can send a
special HTTP request to the vulnerable server to trigger this
vulnerability.
Fixed In Version:
libsoup 2.59.90.1, libsoup 2.58.2, libsoup 2.56.1
References:
http://openwall.com/lists/oss-security/2017/08/10/1
https://bugzilla.gnome.org/show\_bug.cgi?id=785774
Patch:
https://git.gnome.org/browse/libsoup/commit/?id=03c91c76daf70ee227f38304c5e45a155f45073d
(from redmine: issue id 7676, created on 2017-08-11, closed on 2017-08-14)
- Relations:
- parent #7675 (closed)
- Changesets:
- Revision 6420e05f by Francesco Colista on 2017-08-14T10:15:41Z:
main/libsoup: security upgrade to 2.58.2
CVE-2017-2885
Fixes #7676