CVE-2026-0719

EUVD-2026-1573

08.01.2026, 13:15

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
redhat	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	vulnerable
sid	vulnerable
trixie	no-dsa

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (libsoup): Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-02-04T23:00:00+00:00

References

https://access.redhat.com/errata/RHSA-2026:1948

https://access.redhat.com/errata/RHSA-2026:2005

https://access.redhat.com/errata/RHSA-2026:2006

https://access.redhat.com/errata/RHSA-2026:2007

https://access.redhat.com/errata/RHSA-2026:2008

https://access.redhat.com/errata/RHSA-2026:2049

https://access.redhat.com/errata/RHSA-2026:2182

https://access.redhat.com/errata/RHSA-2026:2214

https://access.redhat.com/errata/RHSA-2026:2215

https://access.redhat.com/errata/RHSA-2026:2216

https://access.redhat.com/errata/RHSA-2026:2396

https://access.redhat.com/errata/RHSA-2026:2402

https://access.redhat.com/errata/RHSA-2026:2512

https://access.redhat.com/errata/RHSA-2026:2513

https://access.redhat.com/errata/RHSA-2026:2514

https://access.redhat.com/errata/RHSA-2026:2528

https://access.redhat.com/errata/RHSA-2026:2529

https://access.redhat.com/errata/RHSA-2026:2628

https://access.redhat.com/errata/RHSA-2026:2844

https://access.redhat.com/security/cve/CVE-2026-0719

https://bugzilla.redhat.com/show_bug.cgi?id=2427906

https://gitlab.gnome.org/GNOME/libsoup/-/issues/477