CVE-2024-52530

7.5 HIGH

📋 TL;DR

This vulnerability in GNOME libsoup allows HTTP request smuggling because the library ignores null characters at the end of HTTP header names. Attackers can craft malicious requests that bypass security controls, potentially leading to cache poisoning, session hijacking, or credential theft. It affects applications that use vulnerable versions of libsoup for HTTP communication.

💻 Affected Systems

Products:
  • GNOME libsoup
Versions: before 3.6.0
Operating Systems: Linux distributions with GNOME components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects applications using libsoup for HTTP client/server functionality. Common in GNOME desktop applications and some web services.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could poison caches, hijack user sessions, steal credentials, or bypass authentication/authorization controls by smuggling malicious requests through proxies.

🟠 Likely Case: Cache poisoning leading to credential theft or session hijacking, particularly in environments with reverse proxies or load balancers.

🟢 If Mitigated: Limited impact with proper input validation and request sanitization at proxy layers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific HTTP requests with null characters in header names. No public exploit code identified yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.0 and later

Vendor Advisory: https://gitlab.gnome.org/GNOME/libsoup/-/issues/377

Restart Required: Yes

Instructions:

1. Update libsoup to version 3.6.0 or later.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade libsoup-3.0-0
3. Restart affected applications/services.

🔧 Temporary Workarounds

Input validation at proxy layer

all

Configure reverse proxies or load balancers to reject HTTP requests containing null characters in headers.

🧯 If You Can't Patch

  • Implement strict HTTP header validation at application or proxy layer to reject requests with null characters.
  • Monitor for unusual HTTP request patterns and implement rate limiting on suspicious endpoints.
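
One way to implement the header validation described in the proxy-layer workaround and in the first item above, as an added example (not libsoup or vendor code): it rejects any request head whose header names are not strict RFC 9110 tokens, which covers a trailing null character. The function name and the sample requests are constructed for illustration.

```python
import re

# RFC 9110: field-name = token = 1*tchar. Anything else, including NUL, is invalid.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def header_violations(raw_head: bytes) -> list[str]:
    """Return reasons to reject a raw request head (request line plus headers).

    An empty list means the head passed. This checks header syntax only;
    it is not a complete HTTP parser.
    """
    problems = []
    head = raw_head.split(b"\r\n\r\n", 1)[0]        # drop any body
    lines = head.split(b"\r\n")
    if b"\x00" in lines[0]:
        problems.append("line 1: NUL byte in request line")
    for number, line in enumerate(lines[1:], start=2):
        if b"\x00" in line:
            problems.append(f"line {number}: NUL byte in header line")
        if b"\r" in line or b"\n" in line:
            problems.append(f"line {number}: bare CR or LF inside header line")
        name, sep, _value = line.partition(b":")
        if not sep:
            problems.append(f"line {number}: no colon separator")
        elif not TOKEN.fullmatch(name):
            # Catches "Name\x00", "Name " and folded (leading-space) lines alike.
            problems.append(f"line {number}: header name {name!r} is not a valid token")
    return problems


# Constructed sample requests (not captured traffic).
CLEAN = b"GET / HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n"
NUL_NAME = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Example\x00: 1\r\n\r\n"

if __name__ == "__main__":
    for label, request in (("clean", CLEAN), ("nul-name", NUL_NAME)):
        found = header_violations(request)
        print(label, "-> reject" if found else "-> accept", found)
```

A front end that rejects on any violation (for example with a 400 response) never forwards the ambiguous header to a libsoup-based backend.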

🔍 How to Verify

Check if Vulnerable:

Check the installed libsoup version: dpkg -l | grep libsoup-3.0-0 (Debian/Ubuntu) or rpm -qa | grep libsoup (RPM-based distributions). Versions below 3.6.0 are vulnerable.

Check Version:

pkg-config --modversion libsoup-3.0

Verify Fix Applied:

Confirm that the libsoup version is 3.6.0 or higher using the version check command above.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with headers containing null characters or unusual Transfer-Encoding values
  • Multiple requests from same source with varying header formats

Network Indicators:

  • HTTP traffic with malformed headers containing null bytes
  • Unusual request smuggling patterns

SIEM Query:

http.headers:*\0* OR (http.headers:*Transfer-Encoding* AND NOT http.headers:*Transfer-Encoding: chunked*)
