Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-4271
5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Libsoup: libsoup: denial of service via use-after-free in http/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
References
Affected products
libsoup
libsoup3
Matching in nixpkgs
pkgs.libsoup_3
HTTP client/server library for GNOME
pkgs.libsoup_2_4
HTTP client/server library for GNOME
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22
Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@lovek323 Jason O'Conal <jason@oconal.id.au>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>