What is CVE-2017-2885?

CVE-2017-2885 is a critical-severity vulnerability in Gnome Libsoup. CVSS score: 9.8/10. Published 2018-04-24.

How severe is CVE-2017-2885?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Gnome Libsoup

CVE-2017-2885

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the v…

EPSS: 0.040 (88.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Gnome Libsoup — versions 2.58

References

RHSA-2017:2459 (x_refsource_REDHAT, vendor-advisory)
DSA-3929 (vendor-advisory, x_refsource_DEBIAN)
100258 (vdb-entry, x_refsource_BID)
20201204 ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885) (mailing-list, x_refsource_FULLDISC)
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392 (x_refsource_MISC)
packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-2885?: CVE-2017-2885 is a critical-severity vulnerability in Gnome Libsoup. CVSS score: 9.8/10. Published 2018-04-24.
How severe is CVE-2017-2885?: Critical severity. CVSS v3 base score is 9.8 out of 10.