Memory Allocation Flaw in WebSocket Implementation of libsoup by GNOME
CVE-2026-15709

7.5HIGH

What is CVE-2026-15709?

A vulnerability in the WebSocket implementation of libsoup arises from the use of the permessage-deflate extension. The decompression loop processes data in chunks but fails to impose limits on the size of the output buffer during decompression, leading to unbounded memory allocation. Although libsoup restricts incoming compressed frame size, it does not adequately track memory usage during decompression. An attacker can exploit this flaw by sending a specially crafted small, highly compressed payload known as a decompression bomb, resulting in an Out-of-Memory (OOM) crash and triggering Denial of Service (DoS). This significantly impacts the integrity of services relying on libsoup for WebSocket connections.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Tristan Madani for reporting this issue.
.