CVE-2026-15714 PUBLISHED

Libsoup: soupmultipartinputstream: libsoup: out-of-bounds read in soup_multipart_input_stream_read_headers via an oversized multipart boundary string

Assigner: redhat
Reserved: 14.07.2026 Published: 14.07.2026 Updated: 15.07.2026

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS Score: 6.5

Product Status

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected

Workarounds

To mitigate this issue, restrict network access to applications that utilize libsoup for processing multipart messages from untrusted sources. Implement firewall rules to limit incoming connections to only trusted clients, thereby reducing the attack surface. If the vulnerable component is part of a service, ensure that the service is not exposed to untrusted networks.

Credits

  • Red Hat would like to thank cavid for reporting this issue.

References

Problem Types

  • Out-of-bounds Read CWE