NIXPKGS-2026-0134

GitHub issue published on

Permalink CVE-2026-0719

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 2 weeks ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
@LeSuisse accepted 3 months, 2 weeks ago
@LeSuisse published on GitHub 3 months, 2 weeks ago

Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication

A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.

References

https://access.redhat.com/security/cve/CVE-2026-0719 vdb-entryx_refsource_REDHAT
RHBZ#2427906 issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libsoup/-/issues/477
RHSA-2026:1948 x_refsource_REDHATvendor-advisory
RHSA-2026:2005 x_refsource_REDHATvendor-advisory
RHSA-2026:2006 x_refsource_REDHATvendor-advisory
RHSA-2026:2007 x_refsource_REDHATvendor-advisory
RHSA-2026:2008 x_refsource_REDHATvendor-advisory
RHSA-2026:2049 x_refsource_REDHATvendor-advisory
RHSA-2026:2182 x_refsource_REDHATvendor-advisory
RHSA-2026:2214 x_refsource_REDHATvendor-advisory
RHSA-2026:2215 x_refsource_REDHATvendor-advisory
RHSA-2026:2216 x_refsource_REDHATvendor-advisory
RHSA-2026:2396 x_refsource_REDHATvendor-advisory
RHSA-2026:2402 x_refsource_REDHATvendor-advisory
RHSA-2026:2512 x_refsource_REDHATvendor-advisory
RHSA-2026:2513 x_refsource_REDHATvendor-advisory
RHSA-2026:2514 x_refsource_REDHATvendor-advisory
RHSA-2026:2528 x_refsource_REDHATvendor-advisory
RHSA-2026:2529 x_refsource_REDHATvendor-advisory
RHSA-2026:2628 x_refsource_REDHATvendor-advisory
RHSA-2026:2844 x_refsource_REDHATvendor-advisory

Affected products

libsoup

libsoup3

spice-client-win

devspaces/udi-rhel9

devspaces/openvsx-rhel9

devspaces/pluginregistry-rhel9

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5
nixos-25.11 3.6.5
- nixos-25.11-small 3.6.5
- nixpkgs-25.11-darwin 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable 2.74.3
- nixpkgs-unstable 2.74.3
- nixos-unstable-small 2.74.3
nixos-25.11 2.74.3
- nixos-25.11-small 2.74.3
- nixpkgs-25.11-darwin 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>

Upstream issue: https://gitlab.gnome.org/GNOME/libsoup/-/issues/477

Nixpkgs security tracker