CVE-2024-52532: Infinite loop while reading websocket data
Start a websocket server with libsoup and then run the following test case: stall.c
libsoup will enter into a busy loop and use all the memory of the system until it crashes.
The way to fix it is by validating the data read before iterating the read loop; that way, if the data is not valid, it will already abort.
Here is a proposed fix:
0001-websocket-process-the-frame-as-soon-as-we-read-data.patch
This issue was reported by Johnny Yu of AWS Security and we thank him for collaborating on this issue through the coordinated vulnerability disclosure process.
Edited by Ignacio Casal Quinteiro
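
A simplified model of the read loop described above, as an added example that is neither libsoup's code nor the proposed patch. The `source` struct, the function names, the fixed 64 KiB buffer and the sample chunks are assumptions made for illustration; the header checks follow RFC 6455.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed input: a frame start with the RFC 6455 reserved bits set
 * (invalid without a negotiated extension), and the start of a masked
 * text frame (FIN + text opcode, MASK + length 2, two mask-key bytes). */
static const uint8_t BAD_CHUNK[4]  = { 0xF1, 0x00, 0x00, 0x00 };
static const uint8_t GOOD_CHUNK[4] = { 0x81, 0x82, 0x00, 0x00 };

/* Hypothetical peer: delivers the same 4-byte chunk `limit` times. */
struct source { const uint8_t *chunk; size_t sent, limit; };

static size_t source_read(struct source *s, uint8_t *dst, size_t cap)
{
    if (s->sent >= s->limit || cap < 4)
        return 0;
    memcpy(dst, s->chunk, 4);
    s->sent++;
    return 4;
}

/* Header checks that need only the first two bytes of the buffer.
 * Returns 1 when the frame can never become valid, 0 otherwise. */
static int header_invalid(const uint8_t *buf, size_t len)
{
    if (len < 2)
        return 0;                 /* not enough data to judge yet */
    if (buf[0] & 0x70)
        return 1;                 /* RSV1-3 set */
    if ((buf[0] & 0x08) && (!(buf[0] & 0x80) || (buf[1] & 0x7F) > 125))
        return 1;                 /* fragmented or oversized control frame */
    return 0;
}

/* Reads until the source is dry and returns the number of bytes buffered.
 * With validate_each_read set, the header is checked after every read and
 * the loop stops (*aborted = 1) at the first invalid one. */
size_t read_loop(struct source *s, int validate_each_read, int *aborted)
{
    static uint8_t buf[1 << 16];  /* fixed cap keeps this model bounded */
    size_t used = 0, n;

    *aborted = 0;
    while ((n = source_read(s, buf + used, sizeof buf - used)) > 0) {
        used += n;
        if (validate_each_read && header_invalid(buf, used)) {
            *aborted = 1;
            break;
        }
    }
    return used;
}
```

Without per-read validation the loop buffers everything the peer sends; with it, the loop stops after the first chunk that carries an invalid header.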