#VU7866 Stack-based buffer overflow in libsoup - CVE-2017-2885


Vulnerability identifier: #VU7866

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2017-2885

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libsoup
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the in the libsoup library for GNOME due to improper bounds checking when processing a crafted HTTP request containing chunk encoded data. A remote attacker can send a specially crafted HTTP request, trigger a stack-based buffer overflow condition in the soup_body_input_stream_read_chunked function in the libsoup/soup-body-input-stream.c code and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
The vulnerability is addressed in the following versions: 2.59.90.1, 2.58.2, and 2.56.1.

Vulnerable software versions

libsoup: 2.40 - 2.58

External links
https://bugzilla.gnome.org/show_bug.cgi?id=785774

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


OpenSUSE Linux update for libsoup
Gentoo update for libsoup
Stack-based buffer overflow in libsoup (Alpine package)
OpenSUSE Linux update for libsoup
Slackware Linux update for libsoup
Debian update for libsoup2.4
Remote code execution in GNOME libsoup
SUSE Linux update for libsoup
SUSE Linux update for libsoup
Arch Linux update for libsoup