CVE-2019-17266 (retired)

Priority
Description
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer
over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not
properly check an NTLM message's length before proceeding with a memcpy.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.68.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.62.1-1ubuntu0.4)
Ubuntu 19.04 (Disco Dingo):released (2.66.1-1ubuntu0.1)
Ubuntu 19.10 (Eoan):released (2.68.2-0ubuntu1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad
More Information

Updated: 2019-10-16 03:15:09 UTC (commit d5a77adc0692243c8830819b93e10d519bb68b0e)