CVE-2024-52530

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Configurations

No configuration.

History

12 Nov 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-444

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) La librería libsoup de GNOME anterior a 3.6.0 permite el contrabando de solicitudes HTTP en algunas configuraciones porque se ignoran los caracteres '\0' al final de los nombres de encabezado, es decir, un encabezado "Transfer-Encoding\0: chunked" se trata de la misma manera que un encabezado "Transfer-Encoding: chunked".

11 Nov 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-11 20:15

Updated : 2024-11-12 19:35


NVD link : CVE-2024-52530

Mitre link : CVE-2024-52530

CVE.ORG link : CVE-2024-52530


JSON object : View

Products Affected

No product.

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')