NVD Vulnerability Details: CVE-2024-52531
Modified
Source: cve@mitre.org
Published At: 11 Nov, 2024 | 20:15
Updated At: 03 Nov, 2025 | 23:17

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Vendor: The GNOME Project (gnome)
Product: libsoup
Versions: before 3.6.1 (exclusive)
CPE: cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*

Weaknesses
CWE ID: CWE-787
Type: Secondary
Source: cve@mitre.org
References
Hyperlink: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407
Source: cve@mitre.org
Resource: Issue Tracking

Hyperlink: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407#note_2316401
Source: cve@mitre.org
Resource: Issue Tracking

Hyperlink: https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home
Source: cve@mitre.org
Resource: Vendor Advisory

Hyperlink: https://offsec.almond.consulting/using-aflplusplus-on-bug-bounty-programs-an-example-with-gnome-libsoup.html
Source: cve@mitre.org
Resource: Exploit, Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2024/12/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A