CVE-2017-2885

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Published: Apr 24, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-2885
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
gnome / libsoup	2.58	2.58.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
redhat / enterprise_linux_server_tus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.5	7.5.x

http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html
http://seclists.org/fulldisclosure/2020/Dec/3
http://www.securityfocus.com/bid/100258
https://access.redhat.com/errata/RHSA-2017:2459
https://www.debian.org/security/2017/dsa-3929
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392

Vulnerability Database

289,599

CVE-2017-2885