A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | libsoup3-0:3.6.5-3.el10_0.6 | * |
| Red Hat Enterprise Linux 8 | RedHat | mingw-freetype-0:2.8-3.el8_10.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | spice-client-win-0:8.10-1 | * |
| Red Hat Enterprise Linux 9 | RedHat | libsoup-0:2.72.0-10.el9_6.1 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | libsoup-0:2.72.0-8.el9_0.4 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | libsoup-0:2.72.0-8.el9_2.4 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | libsoup-0:2.72.0-8.el9_4.4 | * |
| Libsoup2.4 | Ubuntu | focal | * |
| Libsoup2.4 | Ubuntu | upstream | * |
| Libsoup3 | Ubuntu | upstream | * |
This issue can make the product perform more slowly. If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended.