fkie_cve-2025-4948
Vulnerability from fkie_nvd
Published: 2025-05-19 16:15
Modified: 2025-07-30 15:15
Summary
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk." }, { "lang": "es", "value": "Se encontr\u00f3 una falla en la funci\u00f3n soup_multipart_new_from_message() de la librer\u00eda HTTP libsoup, com\u00fanmente utilizada por GNOME y otras aplicaciones para gestionar las comunicaciones web. El problema ocurre cuando la librer\u00eda procesa mensajes multiparte especialmente manipulados. Debido a una validaci\u00f3n incorrecta, un c\u00e1lculo interno puede fallar, provocando un desbordamiento de enteros. Esto puede provocar que el programa acceda a memoria no v\u00e1lida y se bloquee. Como resultado, cualquier aplicaci\u00f3n o servidor que utilice libsoup podr\u00eda verse obligado a cerrarse inesperadamente, creando un riesgo de denegaci\u00f3n de servicio (DoS)." 
} ], "id": "CVE-2025-4948", "lastModified": "2025-07-30T15:15:34.467", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ] }, "published": "2025-05-19T16:15:36.790", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8126" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8128" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8132" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8139" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8140" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8252" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8480" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8481" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8482" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:8663" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9179" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-4948" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183" }, { "source": "secalert@redhat.com", "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "secalert@redhat.com", "type": "Secondary" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.