csaf_opensuse - opensuse-su-2025:15044-1

opensuse-su-2025:15044-1

Vulnerability from csaf_opensuse

Published

2025-05-01 00:00

Modified

2025-05-01 00:00

Summary

libsoup-2_4-1-2.74.3-9.1 on GA media

Notes

Title of the patch

libsoup-2_4-1-2.74.3-9.1 on GA media

Description of the patch

These are all security issues fixed in the libsoup-2_4-1-2.74.3-9.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15044

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libsoup-2_4-1-2.74.3-9.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libsoup-2_4-1-2.74.3-9.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15044",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15044-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:15044-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/53THXHSDPP4TLMFRSP5DPLY4DK72M7XY/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:15044-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/53THXHSDPP4TLMFRSP5DPLY4DK72M7XY/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-32907 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-32907/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-32914 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-32914/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-46420 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-46420/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-46421 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-46421/"
      }
    ],
    "title": "libsoup-2_4-1-2.74.3-9.1 on GA media",
    "tracking": {
      "current_release_date": "2025-05-01T00:00:00Z",
      "generator": {
        "date": "2025-05-01T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15044-1",
      "initial_release_date": "2025-05-01T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-05-01T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.74.3-9.1.aarch64",
                "product": {
                  "name": "libsoup-2_4-1-2.74.3-9.1.aarch64",
                  "product_id": "libsoup-2_4-1-2.74.3-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
                "product": {
                  "name": "libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
                  "product_id": "libsoup-2_4-1-32bit-2.74.3-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-2.74.3-9.1.aarch64",
                "product": {
                  "name": "libsoup2-devel-2.74.3-9.1.aarch64",
                  "product_id": "libsoup2-devel-2.74.3-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-32bit-2.74.3-9.1.aarch64",
                "product": {
                  "name": "libsoup2-devel-32bit-2.74.3-9.1.aarch64",
                  "product_id": "libsoup2-devel-32bit-2.74.3-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-lang-2.74.3-9.1.aarch64",
                "product": {
                  "name": "libsoup2-lang-2.74.3-9.1.aarch64",
                  "product_id": "libsoup2-lang-2.74.3-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
                  "product_id": "typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.74.3-9.1.ppc64le",
                "product": {
                  "name": "libsoup-2_4-1-2.74.3-9.1.ppc64le",
                  "product_id": "libsoup-2_4-1-2.74.3-9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
                "product": {
                  "name": "libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
                  "product_id": "libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-2.74.3-9.1.ppc64le",
                "product": {
                  "name": "libsoup2-devel-2.74.3-9.1.ppc64le",
                  "product_id": "libsoup2-devel-2.74.3-9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
                "product": {
                  "name": "libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
                  "product_id": "libsoup2-devel-32bit-2.74.3-9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-lang-2.74.3-9.1.ppc64le",
                "product": {
                  "name": "libsoup2-lang-2.74.3-9.1.ppc64le",
                  "product_id": "libsoup2-lang-2.74.3-9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
                  "product_id": "typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.74.3-9.1.s390x",
                "product": {
                  "name": "libsoup-2_4-1-2.74.3-9.1.s390x",
                  "product_id": "libsoup-2_4-1-2.74.3-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
                "product": {
                  "name": "libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
                  "product_id": "libsoup-2_4-1-32bit-2.74.3-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-2.74.3-9.1.s390x",
                "product": {
                  "name": "libsoup2-devel-2.74.3-9.1.s390x",
                  "product_id": "libsoup2-devel-2.74.3-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-32bit-2.74.3-9.1.s390x",
                "product": {
                  "name": "libsoup2-devel-32bit-2.74.3-9.1.s390x",
                  "product_id": "libsoup2-devel-32bit-2.74.3-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-lang-2.74.3-9.1.s390x",
                "product": {
                  "name": "libsoup2-lang-2.74.3-9.1.s390x",
                  "product_id": "libsoup2-lang-2.74.3-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
                  "product_id": "typelib-1_0-Soup-2_4-2.74.3-9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.74.3-9.1.x86_64",
                "product": {
                  "name": "libsoup-2_4-1-2.74.3-9.1.x86_64",
                  "product_id": "libsoup-2_4-1-2.74.3-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
                "product": {
                  "name": "libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
                  "product_id": "libsoup-2_4-1-32bit-2.74.3-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-2.74.3-9.1.x86_64",
                "product": {
                  "name": "libsoup2-devel-2.74.3-9.1.x86_64",
                  "product_id": "libsoup2-devel-2.74.3-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-devel-32bit-2.74.3-9.1.x86_64",
                "product": {
                  "name": "libsoup2-devel-32bit-2.74.3-9.1.x86_64",
                  "product_id": "libsoup2-devel-32bit-2.74.3-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup2-lang-2.74.3-9.1.x86_64",
                "product": {
                  "name": "libsoup2-lang-2.74.3-9.1.x86_64",
                  "product_id": "libsoup2-lang-2.74.3-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64",
                  "product_id": "typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.74.3-9.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64"
        },
        "product_reference": "libsoup-2_4-1-2.74.3-9.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.74.3-9.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le"
        },
        "product_reference": "libsoup-2_4-1-2.74.3-9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.74.3-9.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x"
        },
        "product_reference": "libsoup-2_4-1-2.74.3-9.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.74.3-9.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64"
        },
        "product_reference": "libsoup-2_4-1-2.74.3-9.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-32bit-2.74.3-9.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64"
        },
        "product_reference": "libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le"
        },
        "product_reference": "libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-32bit-2.74.3-9.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x"
        },
        "product_reference": "libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-32bit-2.74.3-9.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64"
        },
        "product_reference": "libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-2.74.3-9.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64"
        },
        "product_reference": "libsoup2-devel-2.74.3-9.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-2.74.3-9.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le"
        },
        "product_reference": "libsoup2-devel-2.74.3-9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-2.74.3-9.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x"
        },
        "product_reference": "libsoup2-devel-2.74.3-9.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-2.74.3-9.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64"
        },
        "product_reference": "libsoup2-devel-2.74.3-9.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-32bit-2.74.3-9.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64"
        },
        "product_reference": "libsoup2-devel-32bit-2.74.3-9.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-32bit-2.74.3-9.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le"
        },
        "product_reference": "libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-32bit-2.74.3-9.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x"
        },
        "product_reference": "libsoup2-devel-32bit-2.74.3-9.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-devel-32bit-2.74.3-9.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64"
        },
        "product_reference": "libsoup2-devel-32bit-2.74.3-9.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-lang-2.74.3-9.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64"
        },
        "product_reference": "libsoup2-lang-2.74.3-9.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-lang-2.74.3-9.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le"
        },
        "product_reference": "libsoup2-lang-2.74.3-9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-lang-2.74.3-9.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x"
        },
        "product_reference": "libsoup2-lang-2.74.3-9.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup2-lang-2.74.3-9.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64"
        },
        "product_reference": "libsoup2-lang-2.74.3-9.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64"
        },
        "product_reference": "typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le"
        },
        "product_reference": "typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x"
        },
        "product_reference": "typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
        },
        "product_reference": "typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32907",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-32907"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-32907",
          "url": "https://www.suse.com/security/cve/CVE-2025-32907"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241222 for CVE-2025-32907",
          "url": "https://bugzilla.suse.com/1241222"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-32907"
    },
    {
      "cve": "CVE-2025-32914",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-32914"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-32914",
          "url": "https://www.suse.com/security/cve/CVE-2025-32914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241164 for CVE-2025-32914",
          "url": "https://bugzilla.suse.com/1241164"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-32914"
    },
    {
      "cve": "CVE-2025-46420",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-46420"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-46420",
          "url": "https://www.suse.com/security/cve/CVE-2025-46420"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241686 for CVE-2025-46420",
          "url": "https://bugzilla.suse.com/1241686"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-46420"
    },
    {
      "cve": "CVE-2025-46421",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-46421"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-46421",
          "url": "https://www.suse.com/security/cve/CVE-2025-46421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241688 for CVE-2025-46421",
          "url": "https://bugzilla.suse.com/1241688"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:libsoup2-lang-2.74.3-9.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-46421"
    }
  ]
}

CVE-2025-46421 (GCVE-0-2025-46421)

Vulnerability from cvelistv5

Published

2025-04-24 13:01

Modified

2025-07-29 13:32

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Summary

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7505	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-46421	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2361962	issue-tracking, x_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/libsoup/-/issues/439

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46421",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T13:12:43.291380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-29T13:32:41.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.5-3.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T12:50:25.307Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:7505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7505"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-46421"
        },
        {
          "name": "RHBZ#2361962",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-24T01:35:00.884000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-24T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-46421",
    "datePublished": "2025-04-24T13:01:24.589Z",
    "dateReserved": "2025-04-24T01:37:42.413Z",
    "dateUpdated": "2025-07-29T13:32:41.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46420 (GCVE-0-2025-46420)

Vulnerability from cvelistv5

Published

2025-04-24 12:58

Modified

2025-07-29 13:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Summary

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-46420	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2361963	issue-tracking, x_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/libsoup/-/issues/438

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T13:14:47.382231Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-29T13:33:33.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T12:55:27.569Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-46420"
        },
        {
          "name": "RHBZ#2361963",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-24T01:33:03.009000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-24T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-46420",
    "datePublished": "2025-04-24T12:58:01.121Z",
    "dateReserved": "2025-04-24T01:37:42.412Z",
    "dateUpdated": "2025-07-29T13:33:33.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32907 (GCVE-0-2025-32907)

Vulnerability from cvelistv5

Published

2025-04-14 14:00

Modified

2025-07-29 07:22

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-1050 - Excessive Platform Resource Consumption within a Loop

Summary

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8292	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32907	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359342	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0.6 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.8-3.el8_10.1 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:8.10-1 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T14:13:20.381645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T18:06:39.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.5-3.el10_0.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-freetype",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.8-3.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "spice-client-win",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1050",
              "description": "Excessive Platform Resource Consumption within a Loop",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T07:22:10.578Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:8128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8128"
        },
        {
          "name": "RHSA-2025:8292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8292"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32907"
        },
        {
          "name": "RHBZ#2359342",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T01:27:08.699000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-14T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: denial of service in server when client requests a large amount of  overlapping ranges with range header",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation was found for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-1050: Excessive Platform Resource Consumption within a Loop"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32907",
    "datePublished": "2025-04-14T14:00:09.723Z",
    "dateReserved": "2025-04-14T01:37:48.152Z",
    "dateUpdated": "2025-07-29T07:22:10.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32914 (GCVE-0-2025-32914)

Vulnerability from cvelistv5

Published

2025-04-14 14:45

Modified

2025-07-29 07:23

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:7505	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8126	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8132	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8139	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8140	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8252	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8480	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8481	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8482	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8663	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9179	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32914	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359358	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.62.2-6.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-9.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-9.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.5 < * cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.5 < * cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.5 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.5 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.5 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.5 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T15:05:22.790979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T15:05:37.281Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.5-3.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.2-6.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-9.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-9.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T07:23:35.068Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:7505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7505"
        },
        {
          "name": "RHSA-2025:8126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8126"
        },
        {
          "name": "RHSA-2025:8132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8132"
        },
        {
          "name": "RHSA-2025:8139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8139"
        },
        {
          "name": "RHSA-2025:8140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8140"
        },
        {
          "name": "RHSA-2025:8252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8252"
        },
        {
          "name": "RHSA-2025:8480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8480"
        },
        {
          "name": "RHSA-2025:8481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8481"
        },
        {
          "name": "RHSA-2025:8482",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8482"
        },
        {
          "name": "RHSA-2025:8663",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8663"
        },
        {
          "name": "RHSA-2025:9179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9179"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32914"
        },
        {
          "name": "RHBZ#2359358",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359358"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T01:21:01.384000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-14T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: oob read on libsoup through function  \"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or  exit of process",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32914",
    "datePublished": "2025-04-14T14:45:46.300Z",
    "dateReserved": "2025-04-14T01:59:13.828Z",
    "dateUpdated": "2025-07-29T07:23:35.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:15044-1

Vulnerability from csaf_opensuse

CVE-2025-46421 (GCVE-0-2025-46421)

Vulnerability from cvelistv5

CVE-2025-46420 (GCVE-0-2025-46420)

Vulnerability from cvelistv5

CVE-2025-32907 (GCVE-0-2025-32907)

Vulnerability from cvelistv5

CVE-2025-32914 (GCVE-0-2025-32914)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature