csaf_redhat - rhsa-2025:4439

rhsa-2025:4439

Vulnerability from csaf_redhat

Published

2025-05-05 01:17

Modified

2025-07-29 12:14

Summary

Red Hat Security Advisory: libsoup security update

Notes

Topic

An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): * libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911) * libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913) * libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421) * libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)\n\n* libsoup: Denial of service in server when client requests a large amount of  overlapping ranges with Range header (CVE-2025-32907)\n\n* libsoup: Double free on  soup_message_headers_get_content_disposition() through  \"soup-message-headers.c\" via \"params\" GHashTable value (CVE-2025-32911)\n\n* libsoup: NULL pointer dereference in  soup_message_headers_get_content_disposition when \"filename\" parameter  is present, but has no value in Content-Disposition header (CVE-2025-32913)\n\n* libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)\n\n* libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:4439",
        "url": "https://access.redhat.com/errata/RHSA-2025:4439"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2359341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
      },
      {
        "category": "external",
        "summary": "2359342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342"
      },
      {
        "category": "external",
        "summary": "2359355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
      },
      {
        "category": "external",
        "summary": "2359357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
      },
      {
        "category": "external",
        "summary": "2361962",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
      },
      {
        "category": "external",
        "summary": "2361963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4439.json"
      }
    ],
    "title": "Red Hat Security Advisory: libsoup security update",
    "tracking": {
      "current_release_date": "2025-07-29T12:14:47+00:00",
      "generator": {
        "date": "2025-07-29T12:14:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.5"
        }
      },
      "id": "RHSA-2025:4439",
      "initial_release_date": "2025-05-05T01:17:42+00:00",
      "revision_history": [
        {
          "date": "2025-05-05T01:17:42+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-05T01:17:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-07-29T12:14:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                  "product_id": "AppStream-9.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_0.4.src",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_0.4.src",
                  "product_id": "libsoup-0:2.72.0-8.el9_0.4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_0.4.aarch64",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_0.4.aarch64",
                  "product_id": "libsoup-0:2.72.0-8.el9_0.4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.4?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.4?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
                "product": {
                  "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
                  "product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.4?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
                "product": {
                  "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
                  "product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.4?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_0.4.ppc64le",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_id": "libsoup-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.4?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.4?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
                "product": {
                  "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.4?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
                "product": {
                  "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.4?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_0.4.i686",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_0.4.i686",
                  "product_id": "libsoup-0:2.72.0-8.el9_0.4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.4?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_0.4.i686",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_0.4.i686",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_0.4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.4?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
                "product": {
                  "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
                  "product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.4?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
                "product": {
                  "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
                  "product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.4?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_0.4.x86_64",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_0.4.x86_64",
                  "product_id": "libsoup-0:2.72.0-8.el9_0.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_0.4.x86_64",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_0.4.x86_64",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_0.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
                "product": {
                  "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
                  "product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
                "product": {
                  "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
                  "product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_0.4.s390x",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_0.4.s390x",
                  "product_id": "libsoup-0:2.72.0-8.el9_0.4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
                "product": {
                  "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
                  "product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
                "product": {
                  "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
                  "product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_0.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_0.4.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_0.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_0.4.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_0.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_0.4.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_0.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_0.4.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_0.4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_0.4.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_0.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_0.4.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64"
        },
        "product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686"
        },
        "product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le"
        },
        "product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x"
        },
        "product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64"
        },
        "product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64"
        },
        "product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686"
        },
        "product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le"
        },
        "product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x"
        },
        "product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64"
        },
        "product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_0.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_0.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_0.4.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_0.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_0.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_0.4.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32906",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-04-14T01:27:05.130000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsoup: Out of bounds reads in soup_headers_parse_request()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32906"
        }
      ],
      "release_date": "2025-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-05T01:17:42+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation was found for this vulnerability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libsoup: Out of bounds reads in soup_headers_parse_request()"
    },
    {
      "cve": "CVE-2025-32907",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-04-14T01:27:08.699000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsoup: Denial of service in server when client requests a large amount of  overlapping ranges with Range header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32907"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32907"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32907",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32907"
        }
      ],
      "release_date": "2025-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-05T01:17:42+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation was found for this vulnerability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libsoup: Denial of service in server when client requests a large amount of  overlapping ranges with Range header"
    },
    {
      "cve": "CVE-2025-32911",
      "cwe": {
        "id": "CWE-590",
        "name": "Free of Memory not on the Heap"
      },
      "discovery_date": "2025-04-14T01:21:00.518000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsoup: Double free on  soup_message_headers_get_content_disposition() through  \"soup-message-headers.c\" via \"params\" GHashTable value",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32911"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32911"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32911",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32911"
        }
      ],
      "release_date": "2025-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-05T01:17:42+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libsoup: Double free on  soup_message_headers_get_content_disposition() through  \"soup-message-headers.c\" via \"params\" GHashTable value"
    },
    {
      "cve": "CVE-2025-32913",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2025-04-14T01:21:01.010000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359357"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsoup: NULL pointer dereference in  soup_message_headers_get_content_disposition when \"filename\" parameter  is present, but has no value in Content-Disposition header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32913"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359357",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32913"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32913",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32913"
        }
      ],
      "release_date": "2025-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-05T01:17:42+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libsoup: NULL pointer dereference in  soup_message_headers_get_content_disposition when \"filename\" parameter  is present, but has no value in Content-Disposition header"
    },
    {
      "cve": "CVE-2025-46420",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2025-04-24T01:33:03.009000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2361963"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-46420"
        },
        {
          "category": "external",
          "summary": "RHBZ#2361963",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-46420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46420"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46420",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46420"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438",
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
        }
      ],
      "release_date": "2025-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-05T01:17:42+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c"
    },
    {
      "cve": "CVE-2025-46421",
      "cwe": {
        "id": "CWE-497",
        "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
      },
      "discovery_date": "2025-04-24T01:35:00.884000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2361962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
          "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
          "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-46421"
        },
        {
          "category": "external",
          "summary": "RHBZ#2361962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-46421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46421"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46421",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46421"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439",
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"
        }
      ],
      "release_date": "2025-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-05T01:17:42+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.src",
            "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.4.x86_64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.aarch64",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.i686",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.ppc64le",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.s390x",
            "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server"
    }
  ]
}

CVE-2025-32913 (GCVE-0-2025-32913)

Vulnerability from cvelistv5

Published

2025-04-14 13:37

Modified

2025-07-29 00:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8292	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9179	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32913	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359357	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.62.2-6.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.8-3.el8_10.1 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:8.10-1 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:54:02.941942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:54:31.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.2-6.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-freetype",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.8-3.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "spice-client-win",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T00:26:23.642Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:8292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8292"
        },
        {
          "name": "RHSA-2025:9179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9179"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32913"
        },
        {
          "name": "RHBZ#2359357",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T01:21:01.010000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-14T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: null pointer dereference in  soup_message_headers_get_content_disposition when \"filename\" parameter  is present, but has no value in content-disposition header",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32913",
    "datePublished": "2025-04-14T13:37:36.587Z",
    "dateReserved": "2025-04-14T01:59:13.827Z",
    "dateUpdated": "2025-07-29T00:26:23.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46421 (GCVE-0-2025-46421)

Vulnerability from cvelistv5

Published

2025-04-24 13:01

Modified

2025-07-29 13:32

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Summary

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7505	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-46421	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2361962	issue-tracking, x_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/libsoup/-/issues/439

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46421",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T13:12:43.291380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-29T13:32:41.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.5-3.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T12:50:25.307Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:7505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7505"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-46421"
        },
        {
          "name": "RHBZ#2361962",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-24T01:35:00.884000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-24T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-46421",
    "datePublished": "2025-04-24T13:01:24.589Z",
    "dateReserved": "2025-04-24T01:37:42.413Z",
    "dateUpdated": "2025-07-29T13:32:41.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32907 (GCVE-0-2025-32907)

Vulnerability from cvelistv5

Published

2025-04-14 14:00

Modified

2025-07-29 07:22

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-1050 - Excessive Platform Resource Consumption within a Loop

Summary

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8292	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32907	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359342	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0.6 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.8-3.el8_10.1 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:8.10-1 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T14:13:20.381645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T18:06:39.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.5-3.el10_0.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-freetype",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.8-3.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "spice-client-win",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1050",
              "description": "Excessive Platform Resource Consumption within a Loop",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T07:22:10.578Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:8128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8128"
        },
        {
          "name": "RHSA-2025:8292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8292"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32907"
        },
        {
          "name": "RHBZ#2359342",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T01:27:08.699000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-14T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: denial of service in server when client requests a large amount of  overlapping ranges with range header",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation was found for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-1050: Excessive Platform Resource Consumption within a Loop"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32907",
    "datePublished": "2025-04-14T14:00:09.723Z",
    "dateReserved": "2025-04-14T01:37:48.152Z",
    "dateUpdated": "2025-07-29T07:22:10.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32911 (GCVE-0-2025-32911)

Vulnerability from cvelistv5

Published

2025-04-15 15:39

Modified

2025-07-29 00:26

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-590 - Free of Memory not on the Heap

Summary

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8292	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9179	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32911	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359355	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.62.2-6.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.8-3.el8_10.1 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:8.10-1 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T15:57:21.589990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T15:57:38.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.2-6.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-freetype",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.8-3.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "spice-client-win",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-590",
              "description": "Free of Memory not on the Heap",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T00:26:14.313Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:8292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8292"
        },
        {
          "name": "RHSA-2025:9179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9179"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32911"
        },
        {
          "name": "RHBZ#2359355",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T01:21:00.518000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-14T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: double free on  soup_message_headers_get_content_disposition() through  \"soup-message-headers.c\" via \"params\" ghashtable value",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-590: Free of Memory not on the Heap"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32911",
    "datePublished": "2025-04-15T15:39:34.919Z",
    "dateReserved": "2025-04-14T01:59:13.827Z",
    "dateUpdated": "2025-07-29T00:26:14.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32906 (GCVE-0-2025-32906)

Vulnerability from cvelistv5

Published

2025-04-14 13:58

Modified

2025-07-29 00:25

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7505	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8292	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9179	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32906	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359341	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.62.2-6.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.8-3.el8_10.1 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:8.10-1 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T14:13:49.519508Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T18:06:07.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.5-3.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.2-6.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-freetype",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.8-3.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "spice-client-win",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T00:25:03.495Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "name": "RHSA-2025:7505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7505"
        },
        {
          "name": "RHSA-2025:8292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8292"
        },
        {
          "name": "RHSA-2025:9179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9179"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32906"
        },
        {
          "name": "RHBZ#2359341",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T01:27:05.130000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-14T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: out of bounds reads in soup_headers_parse_request()",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation was found for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32906",
    "datePublished": "2025-04-14T13:58:39.718Z",
    "dateReserved": "2025-04-14T01:37:48.152Z",
    "dateUpdated": "2025-07-29T00:25:03.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46420 (GCVE-0-2025-46420)

Vulnerability from cvelistv5

Published

2025-04-24 12:58

Modified

2025-07-29 13:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Summary

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4439	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4440	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4538	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4560	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4568	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4609	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4624	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7436	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-46420	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2361963	issue-tracking, x_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/libsoup/-/issues/438

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-8.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.4 < * cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_4.4 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.4 < * cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.4 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.1 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.4 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.4 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T13:14:47.382231Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-29T13:33:33.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThan": "3.6.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-1.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-2.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.62.3-3.el8_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-10.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.72.0-8.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T12:55:27.569Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4439"
        },
        {
          "name": "RHSA-2025:4440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4440"
        },
        {
          "name": "RHSA-2025:4508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4508"
        },
        {
          "name": "RHSA-2025:4538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4538"
        },
        {
          "name": "RHSA-2025:4560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4560"
        },
        {
          "name": "RHSA-2025:4568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4568"
        },
        {
          "name": "RHSA-2025:4609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4609"
        },
        {
          "name": "RHSA-2025:4624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4624"
        },
        {
          "name": "RHSA-2025:7436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7436"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-46420"
        },
        {
          "name": "RHBZ#2361963",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-24T01:33:03.009000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-24T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-46420",
    "datePublished": "2025-04-24T12:58:01.121Z",
    "dateReserved": "2025-04-24T01:37:42.412Z",
    "dateUpdated": "2025-07-29T13:33:33.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:4439

Vulnerability from csaf_redhat

CVE-2025-32913 (GCVE-0-2025-32913)

Vulnerability from cvelistv5

CVE-2025-46421 (GCVE-0-2025-46421)

Vulnerability from cvelistv5

CVE-2025-32907 (GCVE-0-2025-32907)

Vulnerability from cvelistv5

CVE-2025-32911 (GCVE-0-2025-32911)

Vulnerability from cvelistv5

CVE-2025-32906 (GCVE-0-2025-32906)

Vulnerability from cvelistv5

CVE-2025-46420 (GCVE-0-2025-46420)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature