A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated attacker acting as a malicious network peer can trick the connection engine into allocating stream states that are subsequently leaked during cleanup. Over a sustained period, this flaw allows the remote attacker to consume the system's heap allocations incrementally, triggering a denial of service (DoS) through an ultimate Out-of-Memory (OOM) application crash.
{
"binaries": [
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-tests"
}
]
}
{
"binaries": [
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-tests"
}
]
}
{
"binaries": [
{
"binary_version": "3.6.6-1",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-tests"
}
]
}