A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
Weakness
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libsoup | Gnome | - (including) | - (including) |
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
| Enterprise_linux | Redhat | 10.0 (including) | 10.0 (including) |
| Red Hat Enterprise Linux 10 | RedHat | libsoup3-0:3.6.5-3.el10_1.11 | * |
| Red Hat Enterprise Linux 10 | RedHat | libsoup3-0:3.6.5-3.el10_2.11 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | libsoup3-0:3.6.5-3.el10_0.15 | * |
| Libsoup2.4 | Ubuntu | esm-infra/xenial | * |
Potential Mitigations
References
- https://access.redhat.com/errata/RHSA-2026:15968
- https://access.redhat.com/errata/RHSA-2026:17482
- https://access.redhat.com/errata/RHSA-2026:19143
- https://access.redhat.com/security/cve/CVE-2026-4271
- https://bugzilla.redhat.com/show_bug.cgi?id=2448044
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/496
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/496