CVE-2019-17266

Priority
Description
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer
over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not
properly check an NTLM message's length before proceeding with a memcpy.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.68.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.62.1-1ubuntu0.4)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad
More Information

Updated: 2020-07-28 20:07:03 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)