## This update for libsoup fixes the following issues: * CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) * CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) * CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) * CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750) * CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) * CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) * CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* bsc#1233285
* bsc#1233287
* bsc#1233292
* bsc#1240750
* bsc#1240752
* bsc#1240756
* bsc#1240757
* bsc#1241164
* bsc#1241222
* bsc#1241686
* bsc#1241688
Cross-
* CVE-2024-52530
* CVE-2024-52531
* CVE-2024-52532
* CVE-2025-2784
* CVE-2025-32050
* CVE-2025-32052
* CVE-2025-32053
* CVE-2025-32907
* CVE-2025-32914
* CVE-2025-46420
* CVE-2025-46421
CVSS scores:
* CVE-2024-52530 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-52530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-52530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-52531 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-52531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Get the latest Linux and open source security news straight to your inbox.