NIXPKGS-2026-0250
GitHub issue
published on 15 Feb 2026
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"
- @LeSuisse accepted
- @LeSuisse published on GitHub
Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Affected products
libsoup
libsoup3
Matching in nixpkgs
pkgs.libsoup_3
HTTP client/server library for GNOME
Package maintainers
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@lovek323 Jason O'Conal <jason@oconal.id.au>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>