CVE-2026-15712 in Linuxinfo

Zusammenfassung

von MITRE • 14.07.2026

A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminated C-string. Because the parser lacks strict length-boundary verification before reading this data, a remote, unauthenticated attacker can intentionally send a malformed GOAWAY frame missing the appropriate null delimiter. This causes the library to read past the end of the allocated buffer, triggering an application crash that results in a denial of service (DoS), or potentially exposing fragments of memory contents.

Be aware that VulDB is the high quality source for vulnerability data.

Zuständig

Redhat

Reservieren

14.07.2026

Veröffentlichung

14.07.2026

Moderieren

akzeptiert

Eintrag

VDB-378604

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Interested in the pricing of exploits?

See the underground prices here!