Heap Buffer Over-Read in libsoup's HTTP/2 Connection Tracking Framework
CVE-2026-15712
5.9MEDIUM
What is CVE-2026-15712?
A vulnerability in libsoup's HTTP/2 connection tracking framework allows a remote, unauthenticated attacker to exploit the improper handling of the 'Additional Debug Data' in a malformed GOAWAY frame. This oversight results from the parser's failure to conduct strict length-boundary verification before reading the data, which leads to a heap buffer over-read condition. Consequently, this may crash applications, causing denial of service (DoS), and potentially exposing sensitive memory fragments.
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank cavid for reporting this issue.