Action not permitted
Modal body text goes here.
Modal Title
Modal Body
BDU:2025-10922
Vulnerability from fstec - Published: 28.04.2025
VLAI Severity ?
Title
Уязвимость библиотеки libsoup графического интерфейса GNOME, связанная с недостаточной проверкой регистра, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
Description
Уязвимость библиотеки libsoup графического интерфейса GNOME связана с недостаточной проверкой регистра. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность защищаемой информации
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., АО «СберТех», GNOME Foundation
Software Name
Red Hat Enterprise Linux, Ubuntu, Platform V SberLinux OS Server (запись в едином реестре российских программ №18785), libsoup
Software Version
6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 24.04 LTS (Ubuntu), 25.04 (Ubuntu), 10 (Red Hat Enterprise Linux), 9.1 (Platform V SberLinux OS Server), 2.72.0 (libsoup)
Possible Mitigations
Использование рекомендаций производителя:
https://bugzilla.redhat.com/show_bug.cgi?id=2362651
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2025-4035
Для программных продуктов Ubuntu:
https://ubuntu.com/security/CVE-2025-4035
Компенсирующие меры:
- минимизация пользовательских привилегий;
- отключение/удаление неиспользуемых учётных записей пользователей;
- контроль журналов аудита кластера для отслеживания попыток эксплуатации уязвимости.
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=2362651
https://access.redhat.com/security/cve/cve-2025-4035
https://ubuntu.com/security/CVE-2025-4035
CWE
CWE-178
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0410\u041e \u00ab\u0421\u0431\u0435\u0440\u0422\u0435\u0445\u00bb, GNOME Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 24.04 LTS (Ubuntu), 25.04 (Ubuntu), 10 (Red Hat Enterprise Linux), 9.1 (Platform V SberLinux OS Server), 2.72.0 (libsoup)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2362651\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-4035\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Ubuntu:\nhttps://ubuntu.com/security/CVE-2025-4035\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0430\u0443\u0434\u0438\u0442\u0430 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.09.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10922",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-4035, RHSA-2025:8128",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Platform V SberLinux OS Server (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211618785), libsoup",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Canonical Ltd. Ubuntu 24.04 LTS , Canonical Ltd. Ubuntu 25.04 , Red Hat Inc. Red Hat Enterprise Linux 10 , \u0410\u041e \u00ab\u0421\u0431\u0435\u0440\u0422\u0435\u0445\u00bb Platform V SberLinux OS Server 9.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211618785)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libsoup \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 GNOME, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430 (CWE-178)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libsoup \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 GNOME \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?id=2362651\nhttps://access.redhat.com/security/cve/cve-2025-4035\nhttps://ubuntu.com/security/CVE-2025-4035",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-178",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
RHSA-2025:8128
Vulnerability from csaf_redhat - Published: 2025-05-26 07:01 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: libsoup3 security update
Severity
Important
Notes
Topic: An update for libsoup3 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.
Security Fix(es):
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907)
* libsoup: Cookie domain validation bypass via uppercase characters in libsoup (CVE-2025-4035)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8128
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8128
Workaround
To mitigate this issue, Red Hat recommends avoiding the use of libsoup with untrusted or unauthenticated multipart HTTP message sources until updated packages are available. Administrators can deploy application-level filters or HTTP proxies that reject malformed multipart requests. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this integer underflow vulnerability and restore the stability of affected services.
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8128
Workaround
No mitigation is currently available for this vulnerability.
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8128
Workaround
Currently, no mitigation was found for this vulnerability.
References
Acknowledgments
Jan Różański
zkbytes
fouzhe
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup3 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.\n\nSecurity Fix(es):\n\n* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)\n\n* libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907)\n\n* libsoup: Cookie domain validation bypass via uppercase characters in libsoup (CVE-2025-4035)\n\n* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8128",
"url": "https://access.redhat.com/errata/RHSA-2025:8128"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2357066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
},
{
"category": "external",
"summary": "2359342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342"
},
{
"category": "external",
"summary": "2362651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362651"
},
{
"category": "external",
"summary": "2367183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8128.json"
}
],
"title": "Red Hat Security Advisory: libsoup3 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:27+00:00",
"generator": {
"date": "2026-03-18T03:00:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:8128",
"initial_release_date": "2025-05-26T07:01:26+00:00",
"revision_history": [
{
"date": "2025-05-26T07:01:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-26T07:01:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.6.src",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.src",
"product_id": "libsoup3-0:3.6.5-3.el10_0.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"product_id": "libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"product_id": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"product_id": "libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.6.s390x",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.s390x",
"product_id": "libsoup3-0:3.6.5-3.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"product": {
"name": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"product_id": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-doc@3.6.5-3.el10_0.6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
},
"product_reference": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.src",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
},
"product_reference": "libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"relates_to_product_reference": "CRB-10.0.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jan R\u00f3\u017ca\u0144ski"
]
}
],
"cve": "CVE-2025-4035",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-04-28T05:38:56.188000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362651"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Cookie domain validation bypass via uppercase characters in libsoup",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4035"
},
{
"category": "external",
"summary": "RHBZ#2362651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362651"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4035"
}
],
"release_date": "2025-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-26T07:01:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Cookie domain validation bypass via uppercase characters in libsoup"
},
{
"acknowledgments": [
{
"names": [
"zkbytes",
"fouzhe"
]
}
],
"cve": "CVE-2025-4948",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2025-05-19T05:22:19.904000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367183"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely triggered without authentication or user interaction. Successful exploitation allows an attacker to crash services or applications relying on libsoup for HTTP multipart message processing. The vulnerability\u2019s root cause is a lack of proper bounds checking that results in an integer underflow and subsequent denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4948"
},
{
"category": "external",
"summary": "RHBZ#2367183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4948"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449"
}
],
"release_date": "2025-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-26T07:01:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8128"
},
{
"category": "workaround",
"details": "To mitigate this issue, Red Hat recommends avoiding the use of libsoup with untrusted or unauthenticated multipart HTTP message sources until updated packages are available. Administrators can deploy application-level filters or HTTP proxies that reject malformed multipart requests. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this integer underflow vulnerability and restore the stability of affected services.",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup"
},
{
"cve": "CVE-2025-32049",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-04-03T01:16:46.830000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2357066"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Denial of Service attack to websocket server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32049"
},
{
"category": "external",
"summary": "RHBZ#2357066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32049"
}
],
"release_date": "2025-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-26T07:01:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8128"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Denial of Service attack to websocket server"
},
{
"cve": "CVE-2025-32907",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-04-14T01:27:08.699000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32907"
},
{
"category": "external",
"summary": "RHBZ#2359342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32907"
}
],
"release_date": "2025-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-26T07:01:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8128"
},
{
"category": "workaround",
"details": "Currently, no mitigation was found for this vulnerability.",
"product_ids": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"AppStream-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"AppStream-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"AppStream-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.src",
"CRB-10.0.Z:libsoup3-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debuginfo-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-debugsource-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.aarch64",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.ppc64le",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.s390x",
"CRB-10.0.Z:libsoup3-devel-0:3.6.5-3.el10_0.6.x86_64",
"CRB-10.0.Z:libsoup3-doc-0:3.6.5-3.el10_0.6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…