CVE-2024-52530 Information

Description

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because ‘\0’ characters at the end of header names are ignored i.e. a \Transfer-Encoding\0: chunked\ header is treated the same as a \Transfer-Encoding: chunked\ header.

Reference

https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://gitlab.gnome.org/GNOME/libsoup/-/issues/377 https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/402