NIXPKGS-2026-0134
GitHub issue
published on
Permalink
CVE-2026-0719
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"
- @LeSuisse accepted
- @LeSuisse published on GitHub
Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
References
Affected products
libsoup
- *
libsoup3
- *
spice-client-win
- *
devspaces/udi-rhel9
- *
devspaces/openvsx-rhel9
- *
devspaces/pluginregistry-rhel9
- *
Matching in nixpkgs
pkgs.libsoup_3
HTTP client/server library for GNOME
Package maintainers
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@lovek323 Jason O'Conal <jason@oconal.id.au>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>