CVE-2026-2436 · CVEKit

cve.orgen

384 chars

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

NVDen

384 chars

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

NVDes

458 chars

Se encontró un defecto en el SoupServer de libsoup. Un atacante remoto podría explotar una vulnerabilidad de uso después de liberación donde la función 'soup_server_disconnect()' libera objetos de conexión prematuramente, incluso si un handshake TLS todavía está pendiente. Si el handshake se completa después de que el objeto de conexión ha sido liberado, se accede a un puntero colgante, lo que lleva a un fallo del servidor y a una denegación de servicio.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H