Wind River Support Network

HomeDefectsLIN1023-9237
Fixed

LIN1023-9237 : Security Advisory - libsoup - CVE-2024-52530

Created: Nov 11, 2024    Updated: Feb 7, 2025
Resolved Date: Feb 7, 2025
Found In Version: 10.23.30.1
Fix Version: 10.23.30.15
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

CREATE(Triage):(User=admin) CVE-2024-52530 (https://nvd.nist.gov/vuln/detail/CVE-2024-52530)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube