CVE-2019-17266 - OpenCVE

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Gnome	Libsoup

Configuration 1 [-]

OR	cpe:2.3:a:gnome:libsoup::::::::
	cpe:2.3:a:gnome:libsoup::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

References

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912	Third Party Advisory
https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md	Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab	Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad	Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/issues/173	Broken Link Issue Tracking Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2019-17266	Third Party Advisory
https://usn.ubuntu.com/4152-1/	Third Party Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-06T21:48:18

Updated: 2019-10-09T20:06:08

Reserved: 2019-10-06T00:00:00

Link: CVE-2019-17266

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-06T22:15:10.367

Modified: 2023-11-07T03:06:11.977

Link: CVE-2019-17266

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T20:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.gnome.org/GNOME/libsoup/issues/173"}, {"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2019-17266"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad"}, {"name": "USN-4152-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4152-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17266", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.gnome.org/GNOME/libsoup/issues/173", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libsoup/issues/173"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2019-17266", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2019-17266"}, {"name": "https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab"}, {"name": "https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md", "refsource": "MISC", "url": "https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912"}, {"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1705054.html", "refsource": "MISC", "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1705054.html"}, {"name": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad"}, {"name": "USN-4152-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4152-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17266", "datePublished": "2019-10-06T21:48:18", "dateReserved": "2019-10-06T00:00:00", "dateUpdated": "2019-10-09T20:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D58806-8762-4FD9-9658-6C4809D1E432", "versionEndExcluding": "2.66.4", "versionStartIncluding": "2.65.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*", "matchCriteriaId": "73D27E8B-ABB1-436E-85B8-A692C8237393", "versionEndIncluding": "2.68.1", "versionStartIncluding": "2.67.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy."}, {"lang": "es", "value": "libsoup desde las versiones 2.65.1 hasta 2.68.1 presenta una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria porque la funci\u00f3n soup_ntlm_parse_challenge() en el archivo soup-auth-ntlm.c no comprueba apropiadamente la longitud de un mensaje NTLM antes del procesamiento con una memcpy."}], "id": "CVE-2019-17266", "lastModified": "2023-11-07T03:06:11.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-06T22:15:10.367", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libsoup/issues/173"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2019-17266"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4152-1/"}, {"source": "cve@mitre.org", "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}