Executive Summary

CVE-2026-2443 is an out-of-bounds read vulnerability in the libsoup library, which is used in GNOME-based systems to handle HTTP communications. The flaw occurs in the handle_partial_get() function that processes HTTP Range headers. Specifically, the end value of the byte range requested by an HTTP client is not properly validated against the total size of the HTTP response.

When libsoup is built with the G_DISABLE_CHECKS flag enabled, this improper validation allows the creation of a byte slice that exceeds the original buffer bounds. As a result, a specially crafted HTTP request with a large range value can cause the server to return memory contents beyond the intended response body.

This vulnerability can be exploited remotely without authentication or user interaction, potentially exposing sensitive heap memory data from the server.

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can lead to the unintended disclosure of sensitive information stored in the server's heap memory. An attacker can remotely send a specially crafted HTTP Range request to a vulnerable server using libsoup's SoupServer component and retrieve memory contents beyond the intended HTTP response."}, {'type': 'paragraph', 'content': 'Although the severity is classified as low, the exposure of heap memory could include sensitive data, which may compromise confidentiality. The attack requires no authentication or user interaction, increasing the risk of exploitation.'}] [1]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves identifying if your system is running a vulnerable version of the libsoup library, particularly if it is compiled with the G_DISABLE_CHECKS flag enabled. Since the vulnerability is triggered by specially crafted HTTP Range headers, monitoring HTTP traffic for unusual or excessively large Range header values could help detect exploitation attempts.'}, {'type': 'paragraph', 'content': 'You can check the version of libsoup installed on your system using package management commands, for example:'}, {'type': 'list_item', 'content': 'On Debian/Ubuntu: dpkg -l | grep libsoup'}, {'type': 'list_item', 'content': 'On Red Hat/CentOS/Fedora: rpm -qa | grep libsoup'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on network traffic, you might use tools like tcpdump or Wireshark to filter HTTP requests with suspicious Range headers, for example:'}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'Range:'"}, {'type': 'paragraph', 'content': 'However, no specific detection commands or signatures are provided in the available resources.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating the libsoup library to a version where this vulnerability is fixed. Since the flaw is related to improper validation of HTTP Range headers when GLib is compiled with G_DISABLE_CHECKS enabled, ensuring that your libsoup and GLib packages are up to date and built without this flag can prevent exploitation.

If an update is not immediately available, consider disabling or restricting the use of the embedded SoupServer component that processes HTTP requests with Range headers, or implement network-level filtering to block suspicious HTTP Range header requests.

Useful 0 Not Useful 0