Description

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
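A defensive pattern for the class of bug described above, as an added example that is not libsoup's code or its fix: the size is computed in `size_t` with an explicit bound, and the buffer comes from the heap rather than the stack. The function names, the 4096-byte cap and the two-bytes-per-input-byte expansion are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy cap on password length; not a libsoup constant. */
#define MAX_PASSWORD_BYTES 4096u

/* Nonzero when doubling `len` no longer fits in a signed int, i.e. the case
 * where an `int`-typed size calculation wraps and yields a bogus size. */
int signed_size_would_wrap(size_t len)
{
    return len > (size_t)INT_MAX / 2;
}

/* Checked size calculation in size_t: 2 bytes per input byte (assumed
 * expansion factor). Returns 0 and stores the size, or -1 on rejection. */
int checked_expanded_size(size_t len, size_t *out)
{
    if (len > MAX_PASSWORD_BYTES || len > SIZE_MAX / 2)
        return -1;
    *out = len * 2;
    return 0;
}

/* Widen each byte to a 2-byte little-endian unit in a heap buffer sized by
 * the checked calculation. Caller frees. NULL on rejection or OOM. */
unsigned char *expand_password(const char *pw, size_t len, size_t *out_len)
{
    size_t need;
    unsigned char *buf;

    if (pw == NULL || out_len == NULL || checked_expanded_size(len, &need) != 0)
        return NULL;
    buf = malloc(need ? need : 1);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        buf[2 * i] = (unsigned char)pw[i];
        buf[2 * i + 1] = 0;
    }
    *out_len = need;
    return buf;
}
```

Rejecting the input before any allocation means an oversized password produces a clean authentication failure instead of a crash.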

PUBLISHED Reserved 2026-01-08 | Published 2026-01-08 | Updated 2026-01-13 | Assigner redhat

HIGH: 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Problem types

Stack-based Buffer Overflow

Product status

Default status
affected

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-01-08: Reported to Red Hat.
2026-01-08: Made public.

Credits

Red Hat would like to thank treeplus for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-0719 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2427906 (RHBZ#2427906) issue-tracking

gitlab.gnome.org/GNOME/libsoup/-/issues/477

cve.org (CVE-2026-0719)

nvd.nist.gov (CVE-2026-0719)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.