CVE-2026-2369
Received Received - Intake
Integer Underflow in Libsoup Causes Buffer Overread, DoS Risk

Publication date: 2026-03-19

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2369
EUVD
EUVD-2026-13105
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnome libsoup *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

CVE-2026-2369 is an integer underflow vulnerability in libsoup that occurs when processing content with a zero-length resource. Specifically, a loop condition subtracts 1 from the resource length, which is an unsigned integer. When the resource length is zero, this subtraction underflows to a very large number, causing the loop to run on an empty buffer. This results in a buffer overread.

The vulnerability arises from a code change intended to fix a previous issue, but it introduced this underflow by changing the loop condition. The fix adds a guard clause to skip processing when the resource length is zero, preventing the buffer overread.

Impact Analysis

This vulnerability can allow an attacker to potentially access sensitive information due to the buffer overread. Additionally, it can cause an application-level denial of service by making the application read beyond the intended buffer boundaries.

Detection Guidance

This vulnerability arises from an integer underflow in libsoup when processing zero-length resources, leading to a buffer overread. Detection would involve identifying if your system is running a vulnerable version of libsoup, particularly the component libsoup/soup-content-sniffer.c before the patch that adds a guard clause for zero-length resources.

Since the issue is in the code handling zero-length resources, direct detection on network traffic or system behavior might be challenging without specific exploit attempts. However, you can check the version of libsoup installed and verify if the patch addressing this issue is applied.

Suggested commands to detect the presence of the vulnerable libsoup version include:

  • On Linux systems, check the installed libsoup package version: `rpm -q libsoup` (for RPM-based systems) or `dpkg -l | grep libsoup` (for Debian-based systems).
  • Check for the presence of the patched source code or update status: `rpm -qi libsoup` or `apt-cache policy libsoup`.
  • If you have access to the source code, verify if the patch adding `if (resource_length == 0) continue;` in libsoup/soup-content-sniffer.c is applied.
Mitigation Strategies

The immediate mitigation step is to apply the patch that adds a guard clause preventing the loop from executing when the resource length is zero. This patch prevents the integer underflow and subsequent buffer overread.

If a patch is not yet available for your distribution, consider updating libsoup to the latest version where this issue is fixed.

As a temporary workaround, avoid processing or accepting zero-length resources with applications using libsoup, if possible.

Monitor for updates from your OS or libsoup maintainers and apply security updates promptly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart