Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-0719
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
References
Affected products
libsoup
- *
libsoup3
- *
spice-client-win
- *
devspaces/udi-rhel9
- *
devspaces/openvsx-rhel9
- *
devspaces/pluginregistry-rhel9
- *
Matching in nixpkgs
pkgs.libsoup_3
HTTP client/server library for GNOME
pkgs.libsoup_2_4
HTTP client/server library for GNOME
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22
Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@lovek323 Jason O'Conal <jason@oconal.id.au>