CVE-2017-2885

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
gnomelibsoup
2.58
debiandebian_linux
8.0
debiandebian_linux
9.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_tus
7.4
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsoup2.4
bookworm
2.74.3-1
fixed
bullseye
2.72.0-2
fixed
sid
2.74.3-8
fixed
trixie
2.74.3-8
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsoup2.4
trusty
Fixed 2.44.2-1ubuntu2.2
released
xenial
Fixed 2.52.2-1ubuntu0.2
released
zesty
Fixed 2.56.0-2ubuntu0.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsoup-2_4-1
suse enterprise desktop 15
2.62.2-1.9
fixed
suse enterprise desktop 15 SP1
2.62.2-3.3.32
fixed
suse enterprise desktop 15 SP2
2.68.3-2.32
fixed
suse enterprise desktop 15 SP3
2.68.3-2.32
fixed
suse enterprise desktop 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise sap 12 SP3
2.62.2-5.7.1
fixed
suse enterprise sap 12 SP5
2.62.2-5.7.1
fixed
suse enterprise sap 15
2.62.2-1.9
fixed
suse enterprise sap 15 SP1
2.62.2-3.3.32
fixed
suse enterprise sap 15 SP2
2.68.3-2.32
fixed
suse enterprise sap 15 SP3
2.68.3-2.32
fixed
suse enterprise sap 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise server 12
2.44.2-2.3.1
fixed
suse enterprise server 12 SP1
2.44.2-2.3.1
fixed
suse enterprise server 12 SP2
2.62.2-5.7.1
fixed
suse enterprise server 12 SP3
2.62.2-5.7.1
fixed
suse enterprise server 12 SP4
2.62.2-5.7.1
fixed
suse enterprise server 12 SP5
2.62.2-5.7.1
fixed
suse enterprise server 15
2.62.2-1.9
fixed
suse enterprise server 15 SP1
2.62.2-3.3.32
fixed
suse enterprise server 15 SP2
2.68.3-2.32
fixed
suse enterprise server 15 SP3
2.68.3-2.32
fixed
suse enterprise server 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.3.1
fixed
libsoup-2_4-1-32bit
suse enterprise sap 12 SP3
2.62.2-5.7.1
fixed
suse enterprise sap 12 SP5
2.62.2-5.7.1
fixed
suse enterprise server 12
2.44.2-2.3.1
fixed
suse enterprise server 12 SP1
2.44.2-2.3.1
fixed
suse enterprise server 12 SP2
2.62.2-5.7.1
fixed
suse enterprise server 12 SP3
2.62.2-5.7.1
fixed
suse enterprise server 12 SP4
2.62.2-5.7.1
fixed
suse enterprise server 12 SP5
2.62.2-5.7.1
fixed
libsoup-3_0-0
suse enterprise desktop 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.3.1
fixed
libsoup-devel
suse enterprise desktop 15
2.62.2-1.9
fixed
suse enterprise desktop 15 SP1
2.62.2-3.3.32
fixed
suse enterprise desktop 15 SP2
2.68.3-2.32
fixed
suse enterprise desktop 15 SP3
2.68.3-2.32
fixed
suse enterprise desktop 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise sap 15
2.62.2-1.9
fixed
suse enterprise sap 15 SP1
2.62.2-3.3.32
fixed
suse enterprise sap 15 SP2
2.68.3-2.32
fixed
suse enterprise sap 15 SP3
2.68.3-2.32
fixed
suse enterprise sap 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise server 15
2.62.2-1.9
fixed
suse enterprise server 15 SP1
2.62.2-3.3.32
fixed
suse enterprise server 15 SP2
2.68.3-2.32
fixed
suse enterprise server 15 SP3
2.68.3-2.32
fixed
suse enterprise server 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.3.1
fixed
libsoup-lang
suse enterprise desktop 15
2.62.2-1.9
fixed
suse enterprise desktop 15 SP1
2.62.2-3.3.32
fixed
suse enterprise desktop 15 SP2
2.68.3-2.32
fixed
suse enterprise desktop 15 SP3
2.68.3-2.32
fixed
suse enterprise desktop 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise sap 12 SP3
2.62.2-5.7.1
fixed
suse enterprise sap 12 SP5
2.62.2-5.7.1
fixed
suse enterprise sap 15
2.62.2-1.9
fixed
suse enterprise sap 15 SP1
2.62.2-3.3.32
fixed
suse enterprise sap 15 SP2
2.68.3-2.32
fixed
suse enterprise sap 15 SP3
2.68.3-2.32
fixed
suse enterprise sap 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise server 12
2.44.2-2.3.1
fixed
suse enterprise server 12 SP1
2.44.2-2.3.1
fixed
suse enterprise server 12 SP2
2.62.2-5.7.1
fixed
suse enterprise server 12 SP3
2.62.2-5.7.1
fixed
suse enterprise server 12 SP4
2.62.2-5.7.1
fixed
suse enterprise server 12 SP5
2.62.2-5.7.1
fixed
suse enterprise server 15
2.62.2-1.9
fixed
suse enterprise server 15 SP1
2.62.2-3.3.32
fixed
suse enterprise server 15 SP2
2.68.3-2.32
fixed
suse enterprise server 15 SP3
2.68.3-2.32
fixed
suse enterprise server 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.3.1
fixed
libsoup2-devel
suse enterprise desktop 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.3.1
fixed
libsoup2-lang
suse enterprise desktop 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.3.1
fixed
typelib-1_0-Soup-2_4
suse enterprise desktop 15
2.62.2-1.9
fixed
suse enterprise desktop 15 SP1
2.62.2-3.3.32
fixed
suse enterprise desktop 15 SP2
2.68.3-2.32
fixed
suse enterprise desktop 15 SP3
2.68.3-2.32
fixed
suse enterprise desktop 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise desktop 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise sap 12 SP3
2.62.2-5.7.1
fixed
suse enterprise sap 12 SP5
2.62.2-5.7.1
fixed
suse enterprise sap 15
2.62.2-1.9
fixed
suse enterprise sap 15 SP1
2.62.2-3.3.32
fixed
suse enterprise sap 15 SP2
2.68.3-2.32
fixed
suse enterprise sap 15 SP3
2.68.3-2.32
fixed
suse enterprise sap 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise sap 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.3.1
fixed
suse enterprise server 12
2.44.2-2.3.1
fixed
suse enterprise server 12 SP1
2.44.2-2.3.1
fixed
suse enterprise server 12 SP2
2.62.2-5.7.1
fixed
suse enterprise server 12 SP3
2.62.2-5.7.1
fixed
suse enterprise server 12 SP4
2.62.2-5.7.1
fixed
suse enterprise server 12 SP5
2.62.2-5.7.1
fixed
suse enterprise server 15
2.62.2-1.9
fixed
suse enterprise server 15 SP1
2.62.2-3.3.32
fixed
suse enterprise server 15 SP2
2.68.3-2.32
fixed
suse enterprise server 15 SP3
2.68.3-2.32
fixed
suse enterprise server 15 SP4
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP5
2.74.2-150400.1.6
fixed
suse enterprise server 15 SP6
2.74.3-150600.2.2
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.3.1
fixed
typelib-1_0-Soup-3_0
suse enterprise desktop 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise desktop 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise sap 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.3.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP5
3.0.4-150400.1.6
fixed
suse enterprise server 15 SP6
3.4.4-150600.1.3
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libsoup
RHEL 7
0:2.56.0-4.el7_4
fixed
libsoup-devel
RHEL 7
0:2.56.0-4.el7_4
fixed
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html
http://seclists.org/fulldisclosure/2020/Dec/3
http://www.securityfocus.com/bid/100258
https://access.redhat.com/errata/RHSA-2017:2459
https://www.debian.org/security/2017/dsa-3929
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392
http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html
http://seclists.org/fulldisclosure/2020/Dec/3
http://www.securityfocus.com/bid/100258
https://access.redhat.com/errata/RHSA-2017:2459
https://www.debian.org/security/2017/dsa-3929
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392