CVE-2026-15712

Publication date 14 July 2026

Last updated 16 July 2026


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

Description

A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminated C-string. Because the parser lacks strict length-boundary verification before reading this data, a remote, unauthenticated attacker can intentionally send a malformed GOAWAY frame missing the appropriate null delimiter. This causes the library to read past the end of the allocated buffer, triggering an application crash that results in a denial of service (DoS), or potentially exposing fragments of memory contents.

Status

Package Ubuntu Release Status
libsoup3 26.04 LTS resolute
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.9 · Medium

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H


Access our resources on patching vulnerabilities