{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-11T11:11:00Z",
  "bugzilla" : {
    "description" : "libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources",
    "id" : "2439091",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2439091"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-191",
  "details" : [ "A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.", "A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service." ],
  "statement" : "This MODERATE impact flaw in libsoup arises from an integer underflow when processing content with zero-length resources, leading to a buffer overread. This vulnerability could allow an attacker to potentially access sensitive information or cause an application-level denial of service. Red Hat Enterprise Linux and Fedora systems utilizing libsoup are affected when applications process such malformed content.",
  "acknowledgement" : "Red Hat would like to thank Eric Su and Samuel Dainard for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "libsoup3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-2369\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2369\nhttps://gitlab.gnome.org/GNOME/libsoup/-/issues/498" ],
  "name" : "CVE-2026-2369",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}