CVE-2011-2524 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
gnome	libsoup	𝑥 ≤ 2.35.3
gnome	libsoup	2.0
gnome	libsoup	2.2
gnome	libsoup	2.2.0
gnome	libsoup	2.2.1
gnome	libsoup	2.2.2
gnome	libsoup	2.2.3
gnome	libsoup	2.2.4
gnome	libsoup	2.2.5
gnome	libsoup	2.2.6
gnome	libsoup	2.2.6.1
gnome	libsoup	2.2.7
gnome	libsoup	2.2.91
gnome	libsoup	2.2.92
gnome	libsoup	2.2.93
gnome	libsoup	2.2.94
gnome	libsoup	2.2.95.1
gnome	libsoup	2.2.96
gnome	libsoup	2.2.97
gnome	libsoup	2.2.98
gnome	libsoup	2.2.99
gnome	libsoup	2.2.100
gnome	libsoup	2.2.101
gnome	libsoup	2.2.102
gnome	libsoup	2.2.103
gnome	libsoup	2.2.104
gnome	libsoup	2.3.0.1
gnome	libsoup	2.3.2
gnome	libsoup	2.3.4
gnome	libsoup	2.4.0
gnome	libsoup	2.4.1
gnome	libsoup	2.23.1
gnome	libsoup	2.23.6
gnome	libsoup	2.23.91
gnome	libsoup	2.23.92
gnome	libsoup	2.24.0.1
gnome	libsoup	2.24.1
gnome	libsoup	2.25.2
gnome	libsoup	2.25.3
gnome	libsoup	2.25.4
gnome	libsoup	2.25.5
gnome	libsoup	2.25.91
gnome	libsoup	2.26.0
gnome	libsoup	2.26.1
gnome	libsoup	2.27.1
gnome	libsoup	2.27.2
gnome	libsoup	2.27.4
gnome	libsoup	2.27.5
gnome	libsoup	2.27.90
gnome	libsoup	2.27.91
gnome	libsoup	2.27.92
gnome	libsoup	2.28.0
gnome	libsoup	2.28.1
gnome	libsoup	2.29.3
gnome	libsoup	2.29.5
gnome	libsoup	2.29.6
gnome	libsoup	2.29.90
gnome	libsoup	2.29.91
gnome	libsoup	2.30.0
gnome	libsoup	2.30.1
gnome	libsoup	2.31.2
gnome	libsoup	2.31.6
gnome	libsoup	2.31.90
gnome	libsoup	2.31.92
gnome	libsoup	2.32.0
gnome	libsoup	2.32.1
gnome	libsoup	2.32.2
gnome	libsoup	2.33.4
gnome	libsoup	2.33.5
gnome	libsoup	2.33.6
gnome	libsoup	2.33.90
gnome	libsoup	2.33.92
gnome	libsoup	2.34.0
gnome	libsoup	2.34.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libsoup2.4

bullseye	2.72.0-2 fixed
bookworm	2.74.3-1 fixed
sid	2.74.3-8 fixed
trixie	2.74.3-8 fixed

Ubuntu Releases

Ubuntu Product

Codename

libsoup

natty	dne
maverick	dne
lucid	dne
hardy	ignored

libsoup2.4

natty	Fixed 2.34.0-0ubuntu1.1 released
maverick	Fixed 2.31.92-0ubuntu1.1 released
lucid	Fixed 2.30.2-0ubuntu0.2 released
hardy	ignored

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://git.gnome.org/browse/libsoup/tree/NEWS

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html

http://secunia.com/advisories/47299

http://www.debian.org/security/2011/dsa-2369

http://www.redhat.com/support/errata/RHSA-2011-1102.html

http://www.securitytracker.com/id?1025864

http://www.ubuntu.com/usn/USN-1181-1

https://bugzilla.gnome.org/show_bug.cgi?id=653258

http://git.gnome.org/browse/libsoup/tree/NEWS

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html

http://secunia.com/advisories/47299

http://www.debian.org/security/2011/dsa-2369

http://www.redhat.com/support/errata/RHSA-2011-1102.html

http://www.securitytracker.com/id?1025864

http://www.ubuntu.com/usn/USN-1181-1

https://bugzilla.gnome.org/show_bug.cgi?id=653258