CVE-2017-2885

Published: 24/04/2018 Updated: 07/06/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable stack-based buffer overflow vulnerability exists in GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Vulnerable Product

gnome libsoup 2.58

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux server eus 7.5

Vendor Advisories

Debian Bug report logs - #871650 libsoup2.4: CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding. Package: src:libsoup2.4; Maintainer for src:libsoup2.4 is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 10 Aug ...
Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic ...
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP serv ...
A stack based buffer overflow has been found in libsoup <= 2.58.1. A specially crafted HTTP request with chunked encoding can cause a stack overflow resulting in remote code execution ...

Exploits

ProCaster LE-32F430 SmartTV remote code execution exploit that leverages a stack overflow vulnerability in GStreamer souphttpsrc libsoup version 2.51.3 ...