Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
Summary
Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication. Red Hat rates this important (CVSS 8.6). Weakness: CWE-121. Affected package(s): libsoup, spice-client-win, devspaces/pluginregistry-rhel9:1770918006, devspaces/openvsx-rhel9:1770851052, devspaces/udi-rhel9:1770913862, libsoup3. Resolved in Red Hat advisory RHSA-2026:2513 — update the affected packages (`sudo dnf update`).
- libsoup-0:2.62.3-13.el8_10
- libsoup-0:2.62.3-3.el8_8.8
- libsoup-0:2.72.0-12.el9_7.5
- libsoup-0:2.62.3-1.el8_2.8
- libsoup-0:2.62.3-2.el8_4.8
- libsoup-0:2.72.0-8.el9_2.10
- spice-client-win-0:8.10-7
- devspaces/pluginregistry-rhel9:1770918006
- libsoup-0:2.72.0-8.el9_0.9
- libsoup-0:2.72.0-10.el9_6.6
- libsoup-0:2.62.2-11.el7_9
- spice-client-win-0:8.10-7.el8_6.1
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:2513
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:2513 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.