- Description
- Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-189
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joe_shaw:libsoup:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2012D764-04DA-4E15-930C-9DAB867E0F94"
},
{
"criteria": "cpe:2.3:a:joe_shaw:libsoup:2.23.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54B733A8-F7B9-4E49-9FA0-14F1B7E56446"
},
{
"criteria": "cpe:2.3:a:joe_shaw:libsoup:2.23.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6723F3C8-8FD9-4F55-9022-32F577E847EF"
},
{
"criteria": "cpe:2.3:a:joe_shaw:libsoup:2.23.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD389C2E-BDD2-4502-A2A7-C0984E6958A2"
},
{
"criteria": "cpe:2.3:a:joe_shaw:libsoup:2.23.92:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7873F3C-043A-4699-B00A-5224CAD0A509"
}
],
"operator": "OR"
}
]
}
]