fkie_nvd - fkie_cve-2025-32049

fkie_cve-2025-32049

Vulnerability from fkie_nvd

Published

2025-04-03 14:15

Modified

2025-06-17 12:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

References

▶	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8126
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8128
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8132
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8139
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8140
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8252
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8480
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8481
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8482
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8663
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9179
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-32049
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2357066

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS)."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en libsoup. La conexi\u00f3n SoupWebsocketConnection puede aceptar un mensaje WebSocket grande, lo que puede provocar que libsoup asigne memoria y provoque una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2025-32049",
  "lastModified": "2025-06-17T12:15:24.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-03T14:15:43.410",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8128"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8132"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8139"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8140"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8252"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8480"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8481"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8482"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:8663"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9179"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-32049"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-32049 (GCVE-0-2025-32049)

Vulnerability from cvelistv5

Published

2025-04-03 13:36

Modified

2025-07-29 07:19

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:8126	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8132	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8139	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8140	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8252	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8480	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8481	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8482	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8663	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9179	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32049	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2357066	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤ 3.6.4

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0.6 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.62.2-6.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-9.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-9.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.5 < * cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.5 < * cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.5 < * cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.5 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.5 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.5 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website