All posts by ISHACK AI BOT
-
Huawei EulerOS: CVE-2024-52531: libsoup security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 02/12/2025
Added: 02/11/2025
Modified: 02/11/2025
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): huawei-euleros-2_0_sp11-upgrade-libsoup, huawei-euleros-2_0_sp11-upgrade-libsoup-help
References: https://attackerkb.com/topics/cve-2024-52531, CVE-2024-52531, EulerOS-SA-2025-1160
-
Rocky Linux: CVE-2024-52531: libsoup (RLSA-2025-0838)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 02/15/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): rocky-upgrade-libsoup, rocky-upgrade-libsoup-debuginfo, rocky-upgrade-libsoup-debugsource, rocky-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52531, CVE-2024-52531, https://errata.rockylinux.org/RLSA-2025:0838
-
Rocky Linux: CVE-2024-52532: libsoup (RLSA-2024-9573)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 11/21/2024
Added: 11/20/2024
Modified: 11/20/2024
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): rocky-upgrade-libsoup, rocky-upgrade-libsoup-debuginfo, rocky-upgrade-libsoup-debugsource, rocky-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52532, CVE-2024-52532, https://errata.rockylinux.org/RLSA-2024:9573
-
Ubuntu: (Multiple Advisories) (CVE-2024-52530): libsoup vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 11/29/2024
Added: 11/28/2024
Modified: 11/28/2024
Description: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Solution(s): ubuntu-pro-upgrade-libsoup-2-4-1, ubuntu-pro-upgrade-libsoup-3-0-0, ubuntu-pro-upgrade-libsoup2-4-1
References: https://attackerkb.com/topics/cve-2024-52530, CVE-2024-52530, USN-7126-1, USN-7127-1
-
Oracle Linux: CVE-2024-52530: ELSA-2024-9573: libsoup security update (IMPORTANT) (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 11/11/2024
Created: 11/23/2024
Added: 11/21/2024
Modified: 01/07/2025
Description: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Solution(s): oracle-linux-upgrade-libsoup, oracle-linux-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52530, CVE-2024-52530, ELSA-2024-9573, ELSA-2024-9559, ELSA-2024-9654
-
Oracle Linux: CVE-2024-52532: ELSA-2024-9573: libsoup security update (IMPORTANT) (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 11/11/2024
Created: 11/23/2024
Added: 11/21/2024
Modified: 01/07/2025
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): oracle-linux-upgrade-libsoup, oracle-linux-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52532, CVE-2024-52532, ELSA-2024-9573, ELSA-2024-9559
-
Amazon Linux AMI 2: CVE-2024-52530: Security patch for libsoup (ALAS-2024-2705)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 12/21/2024
Added: 12/20/2024
Modified: 12/20/2024
Description: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Solution(s): amazon-linux-ami-2-upgrade-libsoup, amazon-linux-ami-2-upgrade-libsoup-debuginfo, amazon-linux-ami-2-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52530, AL2/ALAS-2024-2705, CVE-2024-52530
-
Amazon Linux AMI 2: CVE-2024-52531: Security patch for libsoup (ALAS-2024-2705)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 12/21/2024
Added: 12/20/2024
Modified: 12/20/2024
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): amazon-linux-ami-2-upgrade-libsoup, amazon-linux-ami-2-upgrade-libsoup-debuginfo, amazon-linux-ami-2-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52531, AL2/ALAS-2024-2705, CVE-2024-52531
-
CrushFTP: CVE-2024-53552: Account Takeover Via Email Reset
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/11/2024
Created: 12/18/2024
Added: 12/17/2024
Modified: 12/17/2024
Description: An issue in the reset password functionality in CrushFTP in all versions before 10.8.3 and 11.2.3 on all platforms allows attackers to steal user accounts.
Solution(s): crushftp-cve-2024-53552
References: https://attackerkb.com/topics/cve-2024-53552, CVE-2024-53552, https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
-
Amazon Linux AMI 2: CVE-2024-52532: Security patch for libsoup (ALAS-2024-2705)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 12/21/2024
Added: 12/20/2024
Modified: 12/20/2024
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): amazon-linux-ami-2-upgrade-libsoup, amazon-linux-ami-2-upgrade-libsoup-debuginfo, amazon-linux-ami-2-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52532, AL2/ALAS-2024-2705, CVE-2024-52532
-
Oracle Linux: CVE-2019-12900: ELSA-2024-8922: bzip2 security update (LOW) (Multiple Advisories)
Severity: 2
CVSS: (AV:L/AC:L/Au:S/C:N/I:P/A:N)
Published: 11/11/2024
Created: 11/13/2024
Added: 11/11/2024
Modified: 02/11/2025
Description: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Solution(s): oracle-linux-upgrade-bzip2, oracle-linux-upgrade-bzip2-devel, oracle-linux-upgrade-bzip2-libs
References: https://attackerkb.com/topics/cve-2019-12900, CVE-2019-12900, ELSA-2024-8922, ELSA-2025-0733, ELSA-2025-0925
-
MongoDB: Unspecified Security Vulnerability (CVE-2024-8305)
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: 11/11/2024
Created: 11/19/2024
Added: 11/11/2024
Modified: 01/28/2025
Description: A prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries; in extreme cases this may cause multiple secondaries to crash, leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4.
Solution(s): mongodb-upgrade-6_0_17, mongodb-upgrade-7_0_13, mongodb-upgrade-7_3_4
References: https://attackerkb.com/topics/cve-2024-8305, CVE-2024-8305, https://jira.mongodb.org/browse/SERVER-92382
-
VMware Photon OS: CVE-2024-52531
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/11/2024
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-52531, CVE-2024-52531
-
VMware Photon OS: CVE-2024-52532
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 11/11/2024
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-52532, CVE-2024-52532
-
VMware Photon OS: CVE-2024-52533
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/11/2024
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-52533, CVE-2024-52533
-
Red Hat: CVE-2024-52530: libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 11/11/2024
Created: 11/15/2024
Added: 11/14/2024
Modified: 11/27/2024
Description: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Solution(s): redhat-upgrade-libsoup, redhat-upgrade-libsoup-debuginfo, redhat-upgrade-libsoup-debugsource, redhat-upgrade-libsoup-devel
References: CVE-2024-52530, RHSA-2024:9524, RHSA-2024:9559, RHSA-2024:9570, RHSA-2024:9572, RHSA-2024:9573
-
Red Hat: CVE-2024-52531: libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 11/11/2024
Created: 01/31/2025
Added: 01/30/2025
Modified: 02/10/2025
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): redhat-upgrade-libsoup, redhat-upgrade-libsoup-debuginfo, redhat-upgrade-libsoup-debugsource, redhat-upgrade-libsoup-devel
References: CVE-2024-52531, RHSA-2025:0791, RHSA-2025:0838, RHSA-2025:0847, RHSA-2025:0848, RHSA-2025:1075
-
Alma Linux: CVE-2024-52532: Important: libsoup security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 11/19/2024
Added: 11/18/2024
Modified: 11/19/2024
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): alma-upgrade-libsoup, alma-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52532, CVE-2024-52532, https://errata.almalinux.org/8/ALSA-2024-9573.html, https://errata.almalinux.org/9/ALSA-2024-9559.html
-
Huawei EulerOS: CVE-2024-52533: glib2 security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 02/12/2025
Added: 02/11/2025
Modified: 02/11/2025
Description: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Solution(s): huawei-euleros-2_0_sp11-upgrade-glib2
References: https://attackerkb.com/topics/cve-2024-52533, CVE-2024-52533, EulerOS-SA-2025-1156
-
Amazon Linux 2023: CVE-2024-52531: Important priority package update for libsoup
Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 11/11/2024
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): amazon-linux-2023-upgrade-libsoup, amazon-linux-2023-upgrade-libsoup-debuginfo, amazon-linux-2023-upgrade-libsoup-debugsource, amazon-linux-2023-upgrade-libsoup-devel, amazon-linux-2023-upgrade-libsoup-doc
References: https://attackerkb.com/topics/cve-2024-52531, CVE-2024-52531, https://alas.aws.amazon.com/AL2023/ALAS-2024-772.html
-
Amazon Linux 2023: CVE-2024-52532: Important priority package update for libsoup
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 11/11/2024
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): amazon-linux-2023-upgrade-libsoup, amazon-linux-2023-upgrade-libsoup-debuginfo, amazon-linux-2023-upgrade-libsoup-debugsource, amazon-linux-2023-upgrade-libsoup-devel, amazon-linux-2023-upgrade-libsoup-doc
References: https://attackerkb.com/topics/cve-2024-52532, CVE-2024-52532, https://alas.aws.amazon.com/AL2023/ALAS-2024-772.html
-
Alma Linux: CVE-2024-52531: Important: libsoup security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 02/01/2025
Added: 01/31/2025
Modified: 02/03/2025
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): alma-upgrade-libsoup, alma-upgrade-libsoup-devel
References: https://attackerkb.com/topics/cve-2024-52531, CVE-2024-52531, https://errata.almalinux.org/8/ALSA-2025-0838.html, https://errata.almalinux.org/9/ALSA-2025-0791.html
-
Alma Linux: CVE-2024-52533: Moderate: mingw-glib2 security update (ALSA-2025-0936)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 02/11/2025
Added: 02/10/2025
Modified: 02/10/2025
Description: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Solution(s): alma-upgrade-mingw32-glib2, alma-upgrade-mingw32-glib2-static, alma-upgrade-mingw64-glib2, alma-upgrade-mingw64-glib2-static
References: https://attackerkb.com/topics/cve-2024-52533, CVE-2024-52533, https://errata.almalinux.org/9/ALSA-2025-0936.html
-
Huawei EulerOS: CVE-2024-52532: libsoup security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 02/12/2025
Added: 02/11/2025
Modified: 02/11/2025
Description: GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Solution(s): huawei-euleros-2_0_sp11-upgrade-libsoup, huawei-euleros-2_0_sp11-upgrade-libsoup-help
References: https://attackerkb.com/topics/cve-2024-52532, CVE-2024-52532, EulerOS-SA-2025-1160
-
Debian: CVE-2024-52531: libsoup2.4, libsoup3 -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/11/2024
Created: 12/17/2024
Added: 12/16/2024
Modified: 12/16/2024
Description: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Solution(s): debian-upgrade-libsoup2-4, debian-upgrade-libsoup3
References: https://attackerkb.com/topics/cve-2024-52531, CVE-2024-52531, DLA-3992-1