Vulnerability Description
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Libsoup | 2.63.2 |
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 8.0 |
| Redhat | Ansible Tower | 3.3 |
| Redhat | Openshift Container Platform | 3.11 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Opensuse | Leap | 15.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.htmlMailing ListThird Party Advisory
- https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3140Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3505Third Party Advisory
- https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8PatchThird Party Advisory
- https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcPatchThird Party AdvisoryVendor Advisory
- https://gitlab.gnome.org/GNOME/libsoup/issues/3Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00007.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://usn.ubuntu.com/3701-1/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4241Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.htmlMailing ListThird Party Advisory
- https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3140Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3505Third Party Advisory
FAQ
What is CVE-2018-12910?
CVE-2018-12910 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
How severe is CVE-2018-12910?
CVE-2018-12910 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-12910?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Libsoup, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Ansible Tower, Redhat Openshift Container Platform.