rhsa-2025:4568
Vulnerability from csaf_redhat
Published
2025-05-06 16:48
Modified
2025-10-23 10:47
Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
* libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
* libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)
* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
* libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
* libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
* libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)
* libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)\n\n* libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)\n\n* libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)\n\n* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)\n\n* libsoup: Double free on soup_message_headers_get_content_disposition() through \"soup-message-headers.c\" via \"params\" GHashTable value (CVE-2025-32911)\n\n* libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when \"filename\" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)\n\n* libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)\n\n* libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4568",
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2357067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357067"
},
{
"category": "external",
"summary": "2357069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357069"
},
{
"category": "external",
"summary": "2357070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357070"
},
{
"category": "external",
"summary": "2359341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
},
{
"category": "external",
"summary": "2359355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
},
{
"category": "external",
"summary": "2359357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
},
{
"category": "external",
"summary": "2361962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
},
{
"category": "external",
"summary": "2361963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4568.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2025-10-23T10:47:08+00:00",
"generator": {
"date": "2025-10-23T10:47:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:4568",
"initial_release_date": "2025-05-06T16:48:22+00:00",
"revision_history": [
{
"date": "2025-05-06T16:48:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-06T16:48:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-23T10:47:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.4.aarch64",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.4.aarch64",
"product_id": "libsoup-0:2.62.3-3.el8_8.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"product_id": "libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.4.i686",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.4.i686",
"product_id": "libsoup-0:2.62.3-3.el8_8.4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.4.x86_64",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.4.x86_64",
"product_id": "libsoup-0:2.62.3-3.el8_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.4.s390x",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.4.s390x",
"product_id": "libsoup-0:2.62.3-3.el8_8.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.4.src",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.4.src",
"product_id": "libsoup-0:2.62.3-3.el8_8.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32050",
"cwe": {
"id": "CWE-127",
"name": "Buffer Under-read"
},
"discovery_date": "2025-04-03T01:17:42.454000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2357067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Integer overflow in append_param_quoted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32050"
},
{
"category": "external",
"summary": "RHBZ#2357067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32050"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32050"
}
],
"release_date": "2025-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Integer overflow in append_param_quoted"
},
{
"cve": "CVE-2025-32052",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-04-03T01:16:47.177000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2357069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Heap buffer overflow in sniff_unknown()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32052"
},
{
"category": "external",
"summary": "RHBZ#2357069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32052"
}
],
"release_date": "2025-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Heap buffer overflow in sniff_unknown()"
},
{
"cve": "CVE-2025-32053",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-04-03T01:16:47.321000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2357070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32053"
},
{
"category": "external",
"summary": "RHBZ#2357070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32053"
}
],
"release_date": "2025-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()"
},
{
"cve": "CVE-2025-32906",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-14T01:27:05.130000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Out of bounds reads in soup_headers_parse_request()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32906"
},
{
"category": "external",
"summary": "RHBZ#2359341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32906"
}
],
"release_date": "2025-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "Currently, no mitigation was found for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Out of bounds reads in soup_headers_parse_request()"
},
{
"cve": "CVE-2025-32911",
"cwe": {
"id": "CWE-590",
"name": "Free of Memory not on the Heap"
},
"discovery_date": "2025-04-14T01:21:00.518000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359355"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Double free on soup_message_headers_get_content_disposition() through \"soup-message-headers.c\" via \"params\" GHashTable value",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32911"
},
{
"category": "external",
"summary": "RHBZ#2359355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32911"
}
],
"release_date": "2025-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Double free on soup_message_headers_get_content_disposition() through \"soup-message-headers.c\" via \"params\" GHashTable value"
},
{
"cve": "CVE-2025-32913",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-04-14T01:21:01.010000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359357"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when \"filename\" parameter is present, but has no value in Content-Disposition header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32913"
},
{
"category": "external",
"summary": "RHBZ#2359357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32913"
}
],
"release_date": "2025-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when \"filename\" parameter is present, but has no value in Content-Disposition header"
},
{
"cve": "CVE-2025-46420",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-04-24T01:33:03.009000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2361963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46420"
},
{
"category": "external",
"summary": "RHBZ#2361963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46420"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
}
],
"release_date": "2025-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c"
},
{
"cve": "CVE-2025-46421",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2025-04-24T01:35:00.884000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2361962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46421"
},
{
"category": "external",
"summary": "RHBZ#2361962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46421"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"
}
],
"release_date": "2025-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-06T16:48:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"AppStream-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.src",
"BaseOS-8.8.0.Z.EUS:libsoup-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debuginfo-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-debugsource-0:2.62.3-3.el8_8.4.x86_64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.aarch64",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.i686",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.ppc64le",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.s390x",
"BaseOS-8.8.0.Z.EUS:libsoup-devel-0:2.62.3-3.el8_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…