CVE-2026-2369
Status: Received - Intake
Integer Underflow in Libsoup Causes Buffer Overread, DoS Risk

Publication date: 2026-03-19

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Meta Information
Published: 2026-03-19
Last Modified: 2026-04-28
Generated: 2026-05-07
AI Q&A: 2026-03-19
EPSS Evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: gnome | Product: libsoup | Version / Range: *
CWE
CWE-191: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


Can you explain this vulnerability to me?

CVE-2026-2369 is an integer underflow vulnerability in libsoup that occurs when processing content with a zero-length resource. Specifically, a loop condition subtracts 1 from the resource length, which is an unsigned integer. When the resource length is zero, this subtraction underflows to a very large number, causing the loop to run on an empty buffer. This results in a buffer overread.

The vulnerability arises from a code change intended to fix a previous issue, but it introduced this underflow by changing the loop condition. The fix adds a guard clause to skip processing when the resource length is zero, preventing the buffer overread.
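The following is an added illustration of the arithmetic the answer above describes; it is not libsoup's code from soup-content-sniffer.c, and the two-byte marker scan, the function names and the sample bytes are constructed for this example. The point it makes is that `resource_length - 1` on a `size_t` wraps to `SIZE_MAX` when the length is zero, so a loop bounded by that expression would walk far past an empty buffer, and that a zero-length guard placed before the subtraction removes the problem.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical loop bound without a guard: size_t arithmetic is modular,
 * so resource_length == 0 yields SIZE_MAX instead of a "no iterations" bound. */
size_t unguarded_bound(size_t resource_length)
{
    return resource_length - 1;
}

/* Guarded bound: a zero-length resource produces zero iterations. */
size_t guarded_bound(size_t resource_length)
{
    if (resource_length == 0)
        return 0;
    return resource_length - 1;
}

/* Constructed sniffing-style scan: find a two-byte marker (b0, b1) in
 * `resource`. The early return for an empty resource mirrors the kind of
 * guard the advisory describes; it keeps the subtraction below from
 * underflowing, so resource[i + 1] is always inside the buffer.
 * Returns the offset of the marker, or -1 if absent or the input is empty. */
long find_marker_safe(const uint8_t *resource, size_t resource_length,
                      uint8_t b0, uint8_t b1)
{
    if (resource_length == 0)
        return -1;
    for (size_t i = 0; i < resource_length - 1; i++) {
        if (resource[i] == b0 && resource[i + 1] == b1)
            return (long)i;
    }
    return -1;
}

/* Constructed sample input: two padding bytes followed by "GIF8". */
long sample_scan(void)
{
    static const uint8_t sample[] = { 0x00, 0x00, 'G', 'I', 'F', '8' };
    return find_marker_safe(sample, sizeof sample, 'G', 'I');
}

/* Zero-length input: the guard returns -1 without touching the buffer. */
long empty_scan(void)
{
    static const uint8_t empty[1] = { 0 }; /* storage only; length passed is 0 */
    return find_marker_safe(empty, 0, 'G', 'I');
}

int main(void)
{
    printf("unguarded bound for length 0: %zu (SIZE_MAX is %zu)\n",
           unguarded_bound(0), (size_t)SIZE_MAX);
    printf("guarded bound for length 0:   %zu\n", guarded_bound(0));
    printf("marker offset in sample:      %ld\n", sample_scan());
    printf("marker offset in empty input: %ld\n", empty_scan());
    return 0;
}
```

The guard belongs before the subtraction, not inside the loop body: once the bound has wrapped, any check on `i` is already comparing against `SIZE_MAX`. Compiling with `-fsanitize=undefined,address` and feeding an empty input is a practical way to confirm that a scan of this shape no longer reads out of bounds after the guard is in place.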


How can this vulnerability impact me?

This vulnerability can allow an attacker to potentially access sensitive information due to the buffer overread. Additionally, it can cause an application-level denial of service by making the application read beyond the intended buffer boundaries.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability arises from an integer underflow in libsoup when processing zero-length resources, leading to a buffer overread. Detection would involve identifying whether your system is running a vulnerable version of libsoup, particularly the component libsoup/soup-content-sniffer.c before the patch that adds a guard clause for zero-length resources.

Since the issue is in the code handling zero-length resources, direct detection on network traffic or system behavior might be challenging without specific exploit attempts. However, you can check the version of libsoup installed and verify if the patch addressing this issue is applied.

Suggested commands to detect the presence of the vulnerable libsoup version include:

  • On Linux systems, check the installed libsoup package version: `rpm -q libsoup` (for RPM-based systems) or `dpkg -l | grep libsoup` (for Debian-based systems).
  • Check for the presence of the patched source code or update status: `rpm -qi libsoup` or `apt-cache policy libsoup`.
  • If you have access to the source code, verify if the patch adding `if (resource_length == 0) continue;` in libsoup/soup-content-sniffer.c is applied.

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the patch that adds a guard clause preventing the loop from executing when the resource length is zero. This patch prevents the integer underflow and subsequent buffer overread.

If a patch is not yet available for your distribution, consider updating libsoup to the latest version where this issue is fixed.

As a temporary workaround, avoid processing or accepting zero-length resources with applications using libsoup, if possible.

Monitor for updates from your OS or libsoup maintainers and apply security updates promptly.

