FKIE_CVE-2025-4476

Vulnerability from fkie_nvd - Published: 2025-05-16 18:16 - Updated: 2025-05-19 13:35
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-4476
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2366513
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user\u0027s application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user\u0027s client application into connecting to the attacker\u0027s malicious server."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de denegaci\u00f3n de servicio en la librer\u00eda cliente HTTP libsoup. Esta falla puede activarse cuando un cliente libsoup recibe una respuesta HTTP 401 (No autorizado) que contiene un par\u00e1metro de dominio espec\u00edficamente dise\u00f1ado dentro del encabezado WWW-Authenticate. El procesamiento de este encabezado malformado puede provocar un bloqueo de la aplicaci\u00f3n cliente que utiliza libsoup. Un atacante podr\u00eda explotar esto configurando un servidor HTTP malicioso. Si la aplicaci\u00f3n de un usuario que utiliza la librer\u00eda libsoup vulnerable se conecta a este servidor malicioso, podr\u00eda provocar una denegaci\u00f3n de servicio. Para explotarla con \u00e9xito, es necesario enga\u00f1ar a la aplicaci\u00f3n cliente del usuario para que se conecte al servidor malicioso del atacante."
    }
  ],
  "id": "CVE-2025-4476",
  "lastModified": "2025-05-19T13:35:20.460",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-16T18:16:10.970",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-4476"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366513"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.