rhsa-2025:8252
Vulnerability from csaf_redhat
Published
2025-05-28 08:05
Modified
2025-07-30 15:17
Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)\n\n* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)\n\n* libsoup: OOB Read on libsoup through function \"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)\n\n* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8252",
"url": "https://access.redhat.com/errata/RHSA-2025:8252"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2354669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669"
},
{
"category": "external",
"summary": "2357066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
},
{
"category": "external",
"summary": "2359358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359358"
},
{
"category": "external",
"summary": "2367183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8252.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2025-07-30T15:17:38+00:00",
"generator": {
"date": "2025-07-30T15:17:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.5"
}
},
"id": "RHSA-2025:8252",
"initial_release_date": "2025-05-28T08:05:32+00:00",
"revision_history": [
{
"date": "2025-05-28T08:05:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T08:05:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-30T15:17:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.5.aarch64",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.5.aarch64",
"product_id": "libsoup-0:2.62.3-3.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"product_id": "libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.5.i686",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.5.i686",
"product_id": "libsoup-0:2.62.3-3.el8_8.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.5.x86_64",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.5.x86_64",
"product_id": "libsoup-0:2.62.3-3.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.5.s390x",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.5.s390x",
"product_id": "libsoup-0:2.62.3-3.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.5.src",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.5.src",
"product_id": "libsoup-0:2.62.3-3.el8_8.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-2784",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-03-25T01:57:31.752000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this with a Moderate impact as the flaw may be targeting Confidentiality and Integrity specific to each request.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2784"
},
{
"category": "external",
"summary": "RHBZ#2354669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2784"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"
}
],
"release_date": "2025-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T08:05:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8252"
},
{
"category": "workaround",
"details": "Currently no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content"
},
{
"acknowledgments": [
{
"names": [
"zkbytes",
"fouzhe"
]
}
],
"cve": "CVE-2025-4948",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2025-05-19T05:22:19.904000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367183"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely triggered without authentication or user interaction. Successful exploitation allows an attacker to crash services or applications relying on libsoup for HTTP multipart message processing. The vulnerability\u2019s root cause is a lack of proper bounds checking that results in an integer underflow and subsequent denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4948"
},
{
"category": "external",
"summary": "RHBZ#2367183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4948"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449"
}
],
"release_date": "2025-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T08:05:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8252"
},
{
"category": "workaround",
"details": "To mitigate this issue, Red Hat recommends avoiding the use of libsoup with untrusted or unauthenticated multipart HTTP message sources until updated packages are available. Administrators can deploy application-level filters or HTTP proxies that reject malformed multipart requests. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this integer underflow vulnerability and restore the stability of affected services.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup"
},
{
"cve": "CVE-2025-32049",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-04-03T01:16:46.830000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2357066"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Denial of Service attack to websocket server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32049"
},
{
"category": "external",
"summary": "RHBZ#2357066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32049"
}
],
"release_date": "2025-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T08:05:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8252"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Denial of Service attack to websocket server"
},
{
"cve": "CVE-2025-32914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-14T01:21:01.384000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: OOB Read on libsoup through function \"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or exit of process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32914"
},
{
"category": "external",
"summary": "RHBZ#2359358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32914"
}
],
"release_date": "2025-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T08:05:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8252"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.5.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: OOB Read on libsoup through function \"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or exit of process"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…