cvelistv5 - cve-2025-2784

CVE-2025-2784 (GCVE-0-2025-2784)

Vulnerability from cvelistv5

Published

2025-04-03 01:40

Modified

2025-06-20 15:34

Severity ?

7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7505	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8126	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8132	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8139	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8140	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8252	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8480	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8481	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8482	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:8663	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9179	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-2784	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2354669	Third Party Advisory
secalert@redhat.com	https://gitlab.gnome.org/GNOME/libsoup/-/issues/422	Exploit, Issue Tracking
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://gitlab.gnome.org/GNOME/libsoup/-/issues/422	Exploit, Issue Tracking

Impacted products

Vendor

Product

Version

▼

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.6.5-3.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.62.2-6.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-9.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.62.3-9.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.62.3-1.el8_2.5 < * cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_4.5 < * cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.62.3-2.el8_6.5 < * cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.62.3-3.el8_8.5 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.72.0-10.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.72.0-8.el9_0.5 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:2.72.0-8.el9_2.5 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.72.0-8.el9_4.5 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Vendor	Product	Version
gnome	libsoup	*
redhat	codeready_linux_builder	10.0
redhat	codeready_linux_builder_for_arm64	10.0_aarch64
redhat	codeready_linux_builder_for_arm64_eus	10.0_aarch64
redhat	codeready_linux_builder_for_ibm_z_systems	10.0_s390x
redhat	codeready_linux_builder_for_ibm_z_systems_eus	10.0_s390x
redhat	codeready_linux_builder_for_power_little_endian	10.0_ppc64le
redhat	codeready_linux_builder_for_power_little_endian_eus	10.0_ppc64le
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0
redhat	enterprise_linux_eus	8.8
redhat	enterprise_linux_eus	9.2
redhat	enterprise_linux_eus	9.4
redhat	enterprise_linux_eus	9.6
redhat	enterprise_linux_eus	10.0
redhat	enterprise_linux_for_arm_64	8.0_aarch64
redhat	enterprise_linux_for_arm_64	9.0_aarch64
redhat	enterprise_linux_for_arm_64	10.0_aarch64
redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64
redhat	enterprise_linux_for_arm_64_eus	9.2_aarch64
redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64
redhat	enterprise_linux_for_arm_64_eus	9.6_aarch64
redhat	enterprise_linux_for_arm_64_eus	10.0_aarch64
redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x
redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x
redhat	enterprise_linux_for_ibm_z_systems	10.0_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	9.2_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	9.6_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	10.0_s390x
redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le
redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le
redhat	enterprise_linux_for_power_little_endian	10.0_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	8.8_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	9.6_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	10.0_ppc64le
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	8.2
redhat	enterprise_linux_server_aus	8.4
redhat	enterprise_linux_server_aus	8.6
redhat	enterprise_linux_server_aus	9.2
redhat	enterprise_linux_server_aus	9.4
redhat	enterprise_linux_server_aus	9.6
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6_ppc64le
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.6_ppc64le
redhat	enterprise_linux_server_tus	8.6
redhat	enterprise_linux_server_tus	8.8
redhat	enterprise_linux_update_services_for_sap_solutions	8.8
redhat	enterprise_linux_update_services_for_sap_solutions	9.0
redhat	enterprise_linux_update_services_for_sap_solutions	9.2
redhat	enterprise_linux_update_services_for_sap_solutions	9.4
redhat	enterprise_linux_update_services_for_sap_solutions	9.6

Action not permitted

CVE-2025-2784 (GCVE-0-2025-2784)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from csaf_certbund

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from github

Tags

Sightings

Nomenclature