A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | libsoup-0:2.72.0-8.el9_0.4 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | libsoup-0:2.72.0-8.el9_2.4 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | libsoup-0:2.72.0-8.el9_4.4 | * |
This issue can make the product perform more slowly. If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended.
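One way a server can bound the repeated-range pattern described above is to validate the `Range` header before building any response part. The following is an added example, not libsoup's code or its fix; `check_range_header`, `MAX_RANGES` and the byte-budget policy (a request may not ask for more bytes in total than the resource holds) are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RANGES 16 /* assumed policy limit, not a libsoup setting */
enum verdict { RANGE_OK, RANGE_INVALID, RANGE_TOO_MANY, RANGE_AMPLIFIED };

/* Parse an unsigned decimal at *p and advance; -1 on no digits or overflow. */
static long long parse_num(const char **p) {
    char *end;
    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    long long v = strtoll(*p, &end, 10);
    if (errno == ERANGE) return -1;
    *p = end;
    return v;
}

/* Check a Range header against a resource of len bytes before allocating. */
enum verdict check_range_header(const char *hdr, long long len) {
    if (strncmp(hdr, "bytes=", 6) != 0) return RANGE_INVALID;
    const char *p = hdr + 6;
    long long total = 0;
    for (int count = 1; ; count++) {
        long long first, last;
        while (*p == ' ') p++;
        if (*p == '-') {                        /* suffix form: last n bytes */
            p++;
            long long n = parse_num(&p);
            if (n <= 0) return RANGE_INVALID;
            first = n > len ? 0 : len - n;
            last = len - 1;
        } else {                                /* first-last or first- */
            if ((first = parse_num(&p)) < 0 || *p != '-') return RANGE_INVALID;
            p++;
            last = (*p >= '0' && *p <= '9') ? parse_num(&p) : len - 1;
            if (last >= len) last = len - 1;    /* clamp to end of resource */
        }
        if (first > last) return RANGE_INVALID; /* reversed or past the end */
        if (count > MAX_RANGES) return RANGE_TOO_MANY;
        long long span = last - first + 1;
        if (span > len - total) return RANGE_AMPLIFIED; /* over one full copy */
        total += span;
        while (*p == ' ') p++;
        if (*p == '\0') return RANGE_OK;
        if (*p++ != ',') return RANGE_INVALID;
    }
}
```

The budget check compares against `len - total` rather than summing first, so the running total cannot overflow; overlapping ranges that still fit within one copy of the resource are accepted under this policy.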