Denial of Service Vulnerability in HTTP/2 Implementation of Libsoup by Red Hat
CVE-2026-15713
5.9MEDIUM
What is CVE-2026-15713?
An identified flaw in the HTTP/2 protocol implementation within Libsoup allows a remote, unauthenticated attacker to exploit memory management issues. Specific stream termination scenarios—such as window exhaustion or explicit stream resets—can lead to the improper release of memory context blocks. As a result, an attacker may gradually consume heap allocations, ultimately resulting in a denial of service by causing an Out-of-Memory (OOM) application crash. This vulnerability emphasizes the need for stringent monitoring and patching to avert potential service disruptions.
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank cavid for reporting this issue.