717954 – (CVE-2019-17266) <net-libs/libsoup-2.70.0: Buffer overflow in soup_ntlm_parse_challenge() (CVE-2019-17266)

Bug 717954 (CVE-2019-17266) - <net-libs/libsoup-2.70.0: Buffer overflow in soup_ntlm_parse_challenge() (CVE-2019-17266)

Summary: <net-libs/libsoup-2.70.0: Buffer overflow in soup_ntlm_parse_challenge() (CVE...

Status:	RESOLVED FIXED

Alias:	CVE-2019-17266

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	gnome-3.34-stable
Blocks:
	Show dependency tree

Reported:	2020-04-17 21:50 UTC by GLSAMaker/CVETool Bot
Modified:	2021-02-20 19:33 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2020-04-17 21:50:05 UTC

CVE-2019-17266 (https://nvd.nist.gov/vuln/detail/CVE-2019-17266):
  libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read
  because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly
  check an NTLM message's length before proceeding with a memcpy.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-20 19:33:09 UTC

GLSA Vote: No

Repository is clean, all done!