CVE-2024-52532

Publication date 11 November 2024

Last updated 19 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libsoup2.4	26.04 LTS resolute	Fixed 2.74.3-8ubuntu1
	25.10 questing	Fixed 2.74.3-8ubuntu1
	25.04 plucky	Fixed 2.74.3-8ubuntu1
	24.10 oracular	Fixed 2.74.3-7ubuntu0.1
	24.04 LTS noble	Fixed 2.74.3-6ubuntu1.1
	22.04 LTS jammy	Fixed 2.74.2-3ubuntu0.1
	20.04 LTS focal	Fixed 2.70.0-1ubuntu0.1
	18.04 LTS bionic	Fixed 2.62.1-1ubuntu0.4+esm1
	16.04 LTS xenial	Fixed 2.52.2-1ubuntu0.3+esm4
libsoup3	26.04 LTS resolute	Not affected
	25.10 questing	Not affected
	25.04 plucky	Not affected
	24.10 oracular	Fixed 3.6.0-2ubuntu0.1
	24.04 LTS noble	Fixed 3.4.4-5ubuntu0.1
	22.04 LTS jammy	Fixed 3.0.7-0ubuntu1+esm1
	20.04 LTS focal	Not in release

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.5 · High

Base metrics

Parameter	Value
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality impact	None
Integrity impact	None
Availability impact	High

Scores

Parameter	Value
Base score	7.5 · High
Exploitability score	-
Impact score	-

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-7127-1
libsoup3 vulnerabilities
27 November 2024

USN-7126-1
libsoup vulnerabilities
27 November 2024

USN-7565-1
libsoup vulnerabilities
11 June 2025