CVE-2011-2524 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Affected Products (NVD)

Vendor	Product	Version
gnome	libsoup	𝑥 ≤ 2.35.3
gnome	libsoup	2.0
gnome	libsoup	2.2
gnome	libsoup	2.2.0
gnome	libsoup	2.2.1
gnome	libsoup	2.2.2
gnome	libsoup	2.2.3
gnome	libsoup	2.2.4
gnome	libsoup	2.2.5
gnome	libsoup	2.2.6
gnome	libsoup	2.2.6.1
gnome	libsoup	2.2.7
gnome	libsoup	2.2.91
gnome	libsoup	2.2.92
gnome	libsoup	2.2.93
gnome	libsoup	2.2.94
gnome	libsoup	2.2.95.1
gnome	libsoup	2.2.96
gnome	libsoup	2.2.97
gnome	libsoup	2.2.98
gnome	libsoup	2.2.99
gnome	libsoup	2.2.100
gnome	libsoup	2.2.101
gnome	libsoup	2.2.102
gnome	libsoup	2.2.103
gnome	libsoup	2.2.104
gnome	libsoup	2.3.0.1
gnome	libsoup	2.3.2
gnome	libsoup	2.3.4
gnome	libsoup	2.4.0
gnome	libsoup	2.4.1
gnome	libsoup	2.23.1
gnome	libsoup	2.23.6
gnome	libsoup	2.23.91
gnome	libsoup	2.23.92
gnome	libsoup	2.24.0.1
gnome	libsoup	2.24.1
gnome	libsoup	2.25.2
gnome	libsoup	2.25.3
gnome	libsoup	2.25.4
gnome	libsoup	2.25.5
gnome	libsoup	2.25.91
gnome	libsoup	2.26.0
gnome	libsoup	2.26.1
gnome	libsoup	2.27.1
gnome	libsoup	2.27.2
gnome	libsoup	2.27.4
gnome	libsoup	2.27.5
gnome	libsoup	2.27.90
gnome	libsoup	2.27.91
gnome	libsoup	2.27.92
gnome	libsoup	2.28.0
gnome	libsoup	2.28.1
gnome	libsoup	2.29.3
gnome	libsoup	2.29.5
gnome	libsoup	2.29.6
gnome	libsoup	2.29.90
gnome	libsoup	2.29.91
gnome	libsoup	2.30.0
gnome	libsoup	2.30.1
gnome	libsoup	2.31.2
gnome	libsoup	2.31.6
gnome	libsoup	2.31.90
gnome	libsoup	2.31.92
gnome	libsoup	2.32.0
gnome	libsoup	2.32.1
gnome	libsoup	2.32.2
gnome	libsoup	2.33.4
gnome	libsoup	2.33.5
gnome	libsoup	2.33.6
gnome	libsoup	2.33.90
gnome	libsoup	2.33.92
gnome	libsoup	2.34.0
gnome	libsoup	2.34.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	2.74.3-1 fixed
bullseye	2.72.0-2 fixed
sid	2.74.3-8 fixed
trixie	2.74.3-8 fixed

Ubuntu Releases

Ubuntu Product

Codename

libsoup

hardy	ignored
lucid	dne
maverick	dne
natty	dne

libsoup2.4

hardy	ignored
lucid	Fixed 2.30.2-0ubuntu0.2 released
maverick	Fixed 2.31.92-0ubuntu1.1 released
natty	Fixed 2.34.0-0ubuntu1.1 released

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://git.gnome.org/browse/libsoup/tree/NEWS

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html

http://secunia.com/advisories/47299

http://www.debian.org/security/2011/dsa-2369

http://www.redhat.com/support/errata/RHSA-2011-1102.html

http://www.securitytracker.com/id?1025864

http://www.ubuntu.com/usn/USN-1181-1

https://bugzilla.gnome.org/show_bug.cgi?id=653258

http://git.gnome.org/browse/libsoup/tree/NEWS

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html

http://secunia.com/advisories/47299

http://www.debian.org/security/2011/dsa-2369

http://www.redhat.com/support/errata/RHSA-2011-1102.html

http://www.securitytracker.com/id?1025864

http://www.ubuntu.com/usn/USN-1181-1

https://bugzilla.gnome.org/show_bug.cgi?id=653258