{
  "threat_severity" : "Important",
  "public_date" : "2017-08-10T00:00:00Z",
  "bugzilla" : {
    "description" : "libsoup: Stack based buffer overflow with HTTP Chunked Encoding",
    "id" : "1479281",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1479281"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.", "A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality." ],
  "statement" : "This issue affects the libsoup packages as shipped with Red Hat Enterprise Linux 7. However, these packages have been compiled with additional security mitigation techniques (\"stack smashing protection\"), which makes exploitation significantly harder. Thus, in most cases an exploitation attempt should be mitigated to a mere crash. However, successful exploitation to execute arbitrary code can't be ruled out entirely.",
  "acknowledgement" : "Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-10T00:00:00Z",
    "advisory" : "RHSA-2017:2459",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libsoup-0:2.56.0-4.el7_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-2885\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2885\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392" ],
  "name" : "CVE-2017-2885",
  "csaw" : false
}