DEBIAN-CVE-2026-0719

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-0719

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-0719

Upstream

CVE-2026-0719

Published

2026-01-08T13:15:43.283Z

Modified

2026-03-17T02:51:41.293500Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

[none]

Details

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

References

https://security-tracker.debian.org/tracker/CVE-2026-0719

Affected packages

Debian:11

libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/debian/libsoup2.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.72.0-2

2.72.0-2+deb11u1

2.72.0-2+deb11u2

2.72.0-2+deb11u3

2.72.0-3

2.72.0-4

2.74.0-1

2.74.0-2

2.74.0-3

2.74.1-1

2.74.2-1

2.74.2-2

2.74.2-3

2.74.3-1

2.74.3-2

2.74.3-3

2.74.3-3.1~exp1

2.74.3-3.1~exp2

2.74.3-3.1~exp3

2.74.3-5

2.74.3-6

2.74.3-7

2.74.3-8

2.74.3-8.1

2.74.3-9

2.74.3-10

2.74.3-10.1

2.74.3-11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json"

Debian:12

libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/debian/libsoup2.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74.3-1

2.74.3-1+deb12u1

2.74.3-2

2.74.3-3

2.74.3-3.1~exp1

2.74.3-3.1~exp2

2.74.3-3.1~exp3

2.74.3-5

2.74.3-6

2.74.3-7

2.74.3-8

2.74.3-8.1

2.74.3-9

2.74.3-10

2.74.3-10.1

2.74.3-11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json"

libsoup3

Package

Name: libsoup3
Purl: pkg:deb/debian/libsoup3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.2-2

3.2.3-0+deb12u1

3.2.3-0+deb12u2

3.3.1-1

3.4.0-1

3.4.1-1

3.4.2-1

3.4.2-2

3.4.2-3

3.4.2-4

3.4.3-1

3.4.4-1

3.4.4-2

3.4.4-3

3.4.4-4

3.4.4-5

3.5.2-1

3.6.0-1

3.6.0-2

3.6.0-3

3.6.0-4

3.6.1-1

3.6.4-1

3.6.4-2

3.6.4-3

3.6.5-1

3.6.5-2

3.6.5-3

3.6.5-4

3.6.5-5

3.6.5-6

3.6.5-7

3.6.5-8

3.6.5-9

3.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json"

Debian:13

libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/debian/libsoup2.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74.3-10.1

2.74.3-11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json"

libsoup3

Package

Name: libsoup3
Purl: pkg:deb/debian/libsoup3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.5-3

3.6.5-4

3.6.5-5

3.6.5-6

3.6.5-7

3.6.5-8

3.6.5-9

3.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json"

Debian:14

libsoup3

Package

Name: libsoup3
Purl: pkg:deb/debian/libsoup3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.5-3

3.6.5-4

3.6.5-5

3.6.5-6

3.6.5-7

3.6.5-8

3.6.5-9

3.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0719.json"