CVE-2024-52532 : GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Published 2024-11-11 20:15:20

Updated 2024-11-12 19:35:17

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2024-52532

Please log in to view affected product information.

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-12
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://gitlab.gnome.org/GNOME/libsoup/-/issues/391

Infinite loop while reading websocket data (#391) · Issues · GNOME / libsoup · GitLab
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home

Home · Wiki · Teams / Releng / Security · GitLab

CVEs referencing this url
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/410

websocket: process the frame as soon as we read data (!410) · Merge requests · GNOME / libsoup · GitLab

Jump to