NIXPKGS-2026-0134

GitHub issue published on 6 Feb 2026

Permalink CVE-2026-0719

updated 2 weeks, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 1 day ago
@LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 2 weeks, 1 day ago
@LeSuisse accepted 2 weeks, 1 day ago
@LeSuisse published on GitHub 2 weeks, 1 day ago

Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication

A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.

Affected products

libsoup

libsoup3

spice-client-win

devspaces/udi-rhel9

devspaces/openvsx-rhel9

devspaces/pluginregistry-rhel9

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5
nixos-25.11 3.6.5
- nixos-25.11-small 3.6.5
- nixpkgs-25.11-darwin 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable 2.74.3
- nixpkgs-unstable 2.74.3
- nixos-unstable-small 2.74.3
nixos-25.11 2.74.3
- nixos-25.11-small 2.74.3
- nixpkgs-25.11-darwin 2.74.3

Package maintainers

@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@jtojnar Jan Tojnar <jtojnar@gmail.com>

Upstream issue: https://gitlab.gnome.org/GNOME/libsoup/-/issues/477

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0134

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

Package maintainers