Description
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Published: 2026-03-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data exposure and denial of service
Action: Assess impact
AI Analysis

Impact

A flaw in libsoup causes an integer underflow when it processes a zero‑length resource, resulting in a buffer overread. The overread can expose sensitive information from memory or trigger a crash that causes application‑level denial of service.

Affected Systems

The vulnerability affects systems running Red Hat Enterprise Linux 6, 7, 8, 9, and 10. The affected component is the libsoup library bundled with these operating systems; no specific minor or patch version is identified.

Risk and Exploitability

The CVSS base score of 6.5 indicates a medium severity. The EPSS score is shown as less than 1%, which suggests a very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly documented in the available data; it is likely that an attacker could trigger the flaw by sending crafted HTTP requests or other network traffic to an application that uses libsoup. With no official workaround or patch currently available, the risk is primarily mitigated by monitoring for exploitation attempts and applying any future Red Hat updates that address the issue.

Generated by OpenCVE AI on April 16, 2026 at 02:42 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Check the Red Hat advisories for any available security updates that include a libsoup fix and install them promptly
  • If a fix is not yet released, limit exposure by restricting network access to services that rely on libsoup or by blocking suspicious traffic patterns
  • Implement additional bounds checking or input validation in any custom code that manipulates resource sizes to guard against integer underflow and buffer overread


Advisories

No advisories yet.

History

Thu, 19 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 19 Mar 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | No description is available for this CVE. | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service. |
| Title | libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources | Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources |
| First Time appeared | | Redhat; Redhat enterprise Linux |
| CPEs | | cpe:/o:redhat:enterprise_linux:10, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 |
| Vendors & Products | | Redhat; Redhat enterprise Linux |
| References | | |

Thu, 12 Feb 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Libsoup; Libsoup libsoup |
| Vendors & Products | | Libsoup; Libsoup libsoup |

Thu, 12 Feb 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | No description is available for this CVE. |
| Title | | libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources |
| Weaknesses | | CWE-191 |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}; threat_severity: Moderate |


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-19T14:42:31.418Z

Reserved: 2026-02-11T20:31:34.894Z

Link: CVE-2026-2369

Vulnrichment

Updated: 2026-03-19T14:42:26.872Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T15:16:25.603

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-2369

Redhat

Severity: Moderate

Public Date: 2026-02-11T11:11:00Z

Links: CVE-2026-2369 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T02:45:06Z

Weaknesses