Search

Find a vulnerability

Search criteria

    206 vulnerabilities found for Red Hat Enterprise Linux 8.8 Extended Update Support by Red Hat

    CVE-2025-4948 (GCVE-0-2025-4948)

    Vulnerability from nvd – Published: 2025-05-19 15:55 – Updated: 2026-06-30 14:27
    VLAI
    Title
    Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
    Summary
    A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0.6 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-05-19 00:00
    Credits
    Red Hat would like to thank fouzhe and zkbytes for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4948",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T14:27:25.331569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T14:27:36.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/449"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank fouzhe and zkbytes for reporting this issue."
            }
          ],
          "datePublic": "2025-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T10:40:26.292Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8128"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-4948"
            },
            {
              "name": "RHBZ#2367183",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-19T05:22:19.904Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-05-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, Red Hat recommends avoiding the use of libsoup with untrusted or unauthenticated multipart HTTP message sources until updated packages are available. Administrators can deploy application-level filters or HTTP proxies that reject malformed multipart requests. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this integer underflow vulnerability and restore the stability of affected services."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-4948",
        "datePublished": "2025-05-19T15:55:46.230Z",
        "dateReserved": "2025-05-19T06:24:43.391Z",
        "dateUpdated": "2026-06-30T14:27:36.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46421 (GCVE-0-2025-46421)

    Vulnerability from nvd – Published: 2025-04-24 13:01 – Updated: 2026-06-30 03:06
    VLAI
    Title
    Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server
    Summary
    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:4439 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4440 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4538 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4560 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4624 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7436 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7505 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-46421 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2361962 issue-trackingx_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T13:12:43.291380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-29T13:32:41.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:06:47.188Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-46421"
            },
            {
              "name": "RHBZ#2361962",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-24T01:35:00.884Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-46421",
        "datePublished": "2025-04-24T13:01:24.589Z",
        "dateReserved": "2025-04-24T01:37:42.413Z",
        "dateUpdated": "2026-06-30T03:06:47.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46420 (GCVE-0-2025-46420)

    Vulnerability from nvd – Published: 2025-04-24 12:58 – Updated: 2026-06-30 03:06
    VLAI
    Title
    Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
    Summary
    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:4439 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4440 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4538 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4560 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4624 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7436 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-46420 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2361963 issue-trackingx_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libsoup/-/issues/438
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.3 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T13:14:47.382231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-29T13:33:33.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:06:44.572Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-46420"
            },
            {
              "name": "RHBZ#2361963",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-24T01:33:03.009Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-46420",
        "datePublished": "2025-04-24T12:58:01.121Z",
        "dateReserved": "2025-04-24T01:37:42.412Z",
        "dateUpdated": "2026-06-30T03:06:44.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32911 (GCVE-0-2025-32911)

    Vulnerability from nvd – Published: 2025-04-15 15:39 – Updated: 2026-06-29 21:26
    VLAI
    Title
    Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
    Summary
    A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-590 - Free of Memory not on the Heap
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.3 (semver)
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32911",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T15:57:21.589990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T15:57:38.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:44.770Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-590",
                  "description": "Free of Memory not on the Heap",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T21:26:53.846Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32911"
            },
            {
              "name": "RHBZ#2359355",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/433"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:21:00.518Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: double free on  soup_message_headers_get_content_disposition() through  \"soup-message-headers.c\" via \"params\" ghashtable value",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-590: Free of Memory not on the Heap"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32911",
        "datePublished": "2025-04-15T15:39:34.919Z",
        "dateReserved": "2025-04-14T01:59:13.827Z",
        "dateUpdated": "2026-06-29T21:26:53.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32914 (GCVE-0-2025-32914)

    Vulnerability from nvd – Published: 2025-04-14 14:45 – Updated: 2026-06-30 00:34
    VLAI
    Title
    Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
    Summary
    A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:05:22.790979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T15:05:37.281Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:48.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:34:22.983Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32914"
            },
            {
              "name": "RHBZ#2359358",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359358"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/436"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:21:01.384Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: oob read on libsoup through function  \"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or  exit of process",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32914",
        "datePublished": "2025-04-14T14:45:46.300Z",
        "dateReserved": "2025-04-14T01:59:13.828Z",
        "dateUpdated": "2026-06-30T00:34:22.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32913 (GCVE-0-2025-32913)

    Vulnerability from nvd – Published: 2025-04-14 13:37 – Updated: 2026-06-29 20:39
    VLAI
    Title
    Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header
    Summary
    A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.2 (semver)
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32913",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:54:02.941942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:54:31.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:47.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:39:38.676Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32913"
            },
            {
              "name": "RHBZ#2359357",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/435"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:21:01.010Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: null pointer dereference in  soup_message_headers_get_content_disposition when \"filename\" parameter  is present, but has no value in content-disposition header",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32913",
        "datePublished": "2025-04-14T13:37:36.587Z",
        "dateReserved": "2025-04-14T01:59:13.827Z",
        "dateUpdated": "2026-06-29T20:39:38.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32906 (GCVE-0-2025-32906)

    Vulnerability from nvd – Published: 2025-04-14 13:58 – Updated: 2026-06-29 20:39
    VLAI
    Title
    Libsoup: out of bounds reads in soup_headers_parse_request()
    Summary
    A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T14:13:49.519508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:06:07.759Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:40.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:39:25.195Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32906"
            },
            {
              "name": "RHBZ#2359341",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:27:05.130Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: out of bounds reads in soup_headers_parse_request()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation was found for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32906",
        "datePublished": "2025-04-14T13:58:39.718Z",
        "dateReserved": "2025-04-14T01:37:48.152Z",
        "dateUpdated": "2026-06-29T20:39:25.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3155 (GCVE-0-2025-3155)

    Vulnerability from nvd – Published: 2025-04-03 13:34 – Updated: 2026-06-29 20:36
    VLAI
    Title
    Yelp: arbitrary file read
    Summary
    A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 42.2-8 (rpm)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 2:3.28.1-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.28.0-2.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 2:3.28.1-3.el8_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 2:3.28.1-3.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/a:redhat:rhel_eus:8.8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:40.3-2.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:40.3-2.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:40.3-2.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 2:40.3-2.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3155",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T12:58:45.628086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T12:59:45.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-28T20:03:22.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/04/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/yelp/",
              "defaultStatus": "unaffected",
              "packageName": "yelp",
              "versions": [
                {
                  "lessThan": "42.2-8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.28.0-2.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:36:07.629Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4450",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4450"
            },
            {
              "name": "RHSA-2025:4451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4451"
            },
            {
              "name": "RHSA-2025:4455",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4455"
            },
            {
              "name": "RHSA-2025:4456",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4456"
            },
            {
              "name": "RHSA-2025:4457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4457"
            },
            {
              "name": "RHSA-2025:4505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4505"
            },
            {
              "name": "RHSA-2025:4532",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4532"
            },
            {
              "name": "RHSA-2025:7430",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7430"
            },
            {
              "name": "RHSA-2025:7569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7569"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-3155"
            },
            {
              "name": "RHBZ#2357091",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357091"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/yelp/-/issues/221"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:57:56.192Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Yelp: arbitrary file read",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-3155",
        "datePublished": "2025-04-03T13:34:18.878Z",
        "dateReserved": "2025-04-03T02:00:30.674Z",
        "dateUpdated": "2026-06-29T20:36:07.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32053 (GCVE-0-2025-32053)

    Vulnerability from nvd – Published: 2025-04-03 13:37 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
    Summary
    A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.1 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:04:01.420300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:04:16.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:16.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:56.673Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32053"
            },
            {
              "name": "RHBZ#2357070",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357070"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/426"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:16:47.321Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32053",
        "datePublished": "2025-04-03T13:37:39.054Z",
        "dateReserved": "2025-04-03T01:42:14.135Z",
        "dateUpdated": "2026-06-30T00:33:56.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32052 (GCVE-0-2025-32052)

    Vulnerability from nvd – Published: 2025-04-03 13:37 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: heap buffer overflow in sniff_unknown()
    Summary
    A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.1 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:44:39.371468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:45:08.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:15.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:56.608Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32052"
            },
            {
              "name": "RHBZ#2357069",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357069"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/425"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:16:47.177Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: heap buffer overflow in sniff_unknown()",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32052",
        "datePublished": "2025-04-03T13:37:23.109Z",
        "dateReserved": "2025-04-03T01:42:14.135Z",
        "dateUpdated": "2026-06-30T00:33:56.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32050 (GCVE-0-2025-32050)

    Vulnerability from nvd – Published: 2025-04-03 13:36 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: integer overflow in append_param_quoted
    Summary
    A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.1 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:56:24.491360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:57:28.366Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:14.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-127",
                  "description": "Buffer Under-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:51.130Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32050"
            },
            {
              "name": "RHBZ#2357067",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357067"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/424"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:17:42.454Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: integer overflow in append_param_quoted",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-127: Buffer Under-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32050",
        "datePublished": "2025-04-03T13:36:29.141Z",
        "dateReserved": "2025-04-03T01:42:14.135Z",
        "dateUpdated": "2026-06-30T00:33:51.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32049 (GCVE-0-2025-32049)

    Vulnerability from nvd – Published: 2025-04-03 13:36 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: denial of service attack to websocket server
    Summary
    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.6.4 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0.6 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:58:16.040953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:58:32.619Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:49.421Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8128"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32049"
            },
            {
              "name": "RHBZ#2357066",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/390"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:16:46.830Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: denial of service attack to websocket server",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32049",
        "datePublished": "2025-04-03T13:36:13.035Z",
        "dateReserved": "2025-04-03T01:42:14.134Z",
        "dateUpdated": "2026-06-30T00:33:49.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2784 (GCVE-0-2025-2784)

    Vulnerability from nvd – Published: 2025-04-03 01:40 – Updated: 2026-06-30 03:15
    VLAI
    Title
    Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
    Summary
    A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2784",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T13:36:03.192367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T13:36:07.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:46:38.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:15:48.386Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-2784"
            },
            {
              "name": "RHBZ#2354669",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-25T01:57:31.752Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-2784",
        "datePublished": "2025-04-03T01:40:12.164Z",
        "dateReserved": "2025-03-25T01:57:20.112Z",
        "dateUpdated": "2026-06-30T03:15:48.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8176 (GCVE-0-2024-8176)

    Vulnerability from nvd – Published: 2025-03-14 08:19 – Updated: 2026-06-29 23:24
    VLAI
    Title
    Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
    Summary
    A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22033 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22034 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22607 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22785 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22842 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22871 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3531 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3913 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4048 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4446 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4447 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4448 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4449 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7444 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8385 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-8176 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2310137 issue-trackingx_refsource_REDHAT
    https://github.com/libexpat/libexpat/issues/893
    https://github.com/libexpat/libexpat/pull/973
    http://www.openwall.com/lists/oss-security/2025/03/15/1
    https://blog.hartwork.org/posts/expat-2-7-0-released/
    https://github.com/libexpat/libexpat/blob/R_2_7_0…
    https://bugzilla.suse.com/show_bug.cgi?id=1239618
    https://ubuntu.com/security/CVE-2024-8176
    https://security-tracker.debian.org/tracker/CVE-2…
    https://gitlab.alpinelinux.org/alpine/aports/-/co…
    https://security.netapp.com/advisory/ntap-2025032…
    https://www.kb.cert.org/vuls/id/760160
    http://seclists.org/fulldisclosure/2025/May/12
    http://seclists.org/fulldisclosure/2025/May/11
    http://seclists.org/fulldisclosure/2025/May/10
    http://seclists.org/fulldisclosure/2025/May/8
    http://seclists.org/fulldisclosure/2025/May/7
    http://seclists.org/fulldisclosure/2025/May/6
    http://www.openwall.com/lists/oss-security/2025/0…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.7.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.7.1-1.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.2.5-17.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.51.0-11.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.2.10-1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.51.0-5.el8_2.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.2.10-1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.51.0-5.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.2.10-1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:1.51.0-5.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:1.51.0-5.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.2.10-1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.51.0-6.el8_6.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.2.10-1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.51.0-6.el8_6.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.2.10-1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.51.0-6.el8_6.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:1.51.0-8.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.2.10-1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.2.10-1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.5.0-3.el9_5.3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.5.0-5.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.2.10-12.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.5.0-1.el9_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.5.0-2.el9_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services 2.4.62.SP1     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat DevWorkspace Operator 0.33 Unaffected: 0.33-1744075017 , < * (rpm)
        cpe:/a:redhat:devworkspace:0.33::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 1.14 Unaffected: 1.14.3-1748529279 , < * (rpm)
        cpe:/a:redhat:discovery:1.14::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 1.14 Unaffected: 1.14.2-1748467619 , < * (rpm)
        cpe:/a:redhat:discovery:1.14::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-03-13 13:51
    Credits
    This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8176",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T13:13:22.690073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T13:14:00.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:09:04.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/03/15/1"
              },
              {
                "url": "https://blog.hartwork.org/posts/expat-2-7-0-released/"
              },
              {
                "url": "https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52"
              },
              {
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1239618"
              },
              {
                "url": "https://ubuntu.com/security/CVE-2024-8176"
              },
              {
                "url": "https://security-tracker.debian.org/tracker/CVE-2024-8176"
              },
              {
                "url": "https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250328-0009/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/760160"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/12"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/11"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/10"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/8"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/7"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/09/24/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libexpat/libexpat/",
              "defaultStatus": "unaffected",
              "packageName": "libexpat",
              "versions": [
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.7.1-1.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.5-17.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-11.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-6.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-6.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-6.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-8.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-3.el9_5.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-3.el9_5.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-12.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.el9_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-2.el9_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "expat",
              "product": "Red Hat JBoss Core Services 2.4.62.SP1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:devworkspace:0.33::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "devworkspace/devworkspace-project-clone-rhel9",
              "product": "DevWorkspace Operator 0.33",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.33-1744075017",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 1.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.14.3-1748529279",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Red Hat Discovery 1.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.14.2-1748467619",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "compat-expat1",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "thunderbird",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "lua-expat",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-expat",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "thunderbird",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "firefox:flatpak/firefox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "thunderbird",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "thunderbird:flatpak/thunderbird",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat)."
            }
          ],
          "datePublic": "2025-03-13T13:51:54.957Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T23:24:12.917Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:13681",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13681"
            },
            {
              "name": "RHSA-2025:22033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22033"
            },
            {
              "name": "RHSA-2025:22034",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22034"
            },
            {
              "name": "RHSA-2025:22035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22035"
            },
            {
              "name": "RHSA-2025:22607",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22607"
            },
            {
              "name": "RHSA-2025:22785",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22785"
            },
            {
              "name": "RHSA-2025:22842",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22842"
            },
            {
              "name": "RHSA-2025:22871",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22871"
            },
            {
              "name": "RHSA-2025:3531",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3531"
            },
            {
              "name": "RHSA-2025:3734",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3734"
            },
            {
              "name": "RHSA-2025:3913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3913"
            },
            {
              "name": "RHSA-2025:4048",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4048"
            },
            {
              "name": "RHSA-2025:4446",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4446"
            },
            {
              "name": "RHSA-2025:4447",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4447"
            },
            {
              "name": "RHSA-2025:4448",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4448"
            },
            {
              "name": "RHSA-2025:4449",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4449"
            },
            {
              "name": "RHSA-2025:7444",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7444"
            },
            {
              "name": "RHSA-2025:7512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7512"
            },
            {
              "name": "RHSA-2025:8385",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8385"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8176"
            },
            {
              "name": "RHBZ#2310137",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
            },
            {
              "url": "https://github.com/libexpat/libexpat/issues/893"
            },
            {
              "url": "https://github.com/libexpat/libexpat/pull/973"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-13T13:51:54.957Z",
              "value": "Made public."
            }
          ],
          "title": "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8176",
        "datePublished": "2025-03-14T08:19:48.962Z",
        "dateReserved": "2024-08-26T12:36:40.985Z",
        "dateUpdated": "2026-06-29T23:24:12.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26601 (GCVE-0-2025-26601)

    Vulnerability from nvd – Published: 2025-02-25 15:55 – Updated: 2026-06-29 20:37
    VLAI
    Title
    Xorg: xwayland: use-after-free in syncinittrigger()
    Summary
    A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:2500 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2861 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2865 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2873 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2874 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2875 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2879 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2880 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7163 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-26601 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2345251 issue-trackingx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2025051…
    https://lists.debian.org/debian-lts-announce/2025…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 21.1.16 (semver)
    Affected: 22.0.0 , < 24.1.6 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:1.1.0-25.el6_10 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.8.0-36.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.20.4-30.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.13.1-15.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.9.0-15.el8_2.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.11.0-8.el8_4.12 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:1.11.0-8.el8_4.12 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:1.11.0-8.el8_4.12 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.12.0-6.el8_6.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.12.0-6.el8_6.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.12.0-6.el8_6.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:1.12.0-15.el8_8.12 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.14.1-1.el9_5.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-28.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-3.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.11.0-22.el9_0.13 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:1.12.0-14.el9_2.10 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.13.1-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2025-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T16:08:41.554166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T16:08:49.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:13:09.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250516-0004/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
              "defaultStatus": "unaffected",
              "packageName": "xserver",
              "versions": [
                {
                  "lessThan": "21.1.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.1.6",
                  "status": "affected",
                  "version": "22.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-25.el6_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-36.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.4-30.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-15.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-15.el8_2.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.1-1.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-28.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-3.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-22.el9_0.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-14.el9_2.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:37:18.761Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:2500",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2500"
            },
            {
              "name": "RHSA-2025:2502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2502"
            },
            {
              "name": "RHSA-2025:2861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2861"
            },
            {
              "name": "RHSA-2025:2862",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2862"
            },
            {
              "name": "RHSA-2025:2865",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2865"
            },
            {
              "name": "RHSA-2025:2866",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2866"
            },
            {
              "name": "RHSA-2025:2873",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2873"
            },
            {
              "name": "RHSA-2025:2874",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2874"
            },
            {
              "name": "RHSA-2025:2875",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2875"
            },
            {
              "name": "RHSA-2025:2879",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2879"
            },
            {
              "name": "RHSA-2025:2880",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2880"
            },
            {
              "name": "RHSA-2025:3976",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3976"
            },
            {
              "name": "RHSA-2025:7163",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7163"
            },
            {
              "name": "RHSA-2025:7165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7165"
            },
            {
              "name": "RHSA-2025:7458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7458"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-26601"
            },
            {
              "name": "RHBZ#2345251",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T14:18:30.820Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xorg: xwayland: use-after-free in syncinittrigger()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-26601",
        "datePublished": "2025-02-25T15:55:36.775Z",
        "dateReserved": "2025-02-12T14:12:22.796Z",
        "dateUpdated": "2026-06-29T20:37:18.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26600 (GCVE-0-2025-26600)

    Vulnerability from nvd – Published: 2025-02-25 15:55 – Updated: 2026-06-29 20:37
    VLAI
    Title
    Xorg: xwayland: use-after-free in playreleasedevents()
    Summary
    A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:2500 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2861 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2865 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2873 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2874 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2875 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2879 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2880 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7163 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-26600 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2345252 issue-trackingx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2025051…
    https://lists.debian.org/debian-lts-announce/2025…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 21.1.16 (semver)
    Affected: 22.0.0 , < 24.1.6 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:1.1.0-25.el6_10 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.8.0-36.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.20.4-30.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.13.1-15.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.9.0-15.el8_2.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.11.0-8.el8_4.12 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:1.11.0-8.el8_4.12 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:1.11.0-8.el8_4.12 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.12.0-6.el8_6.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.12.0-6.el8_6.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.12.0-6.el8_6.13 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:1.12.0-15.el8_8.12 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.14.1-1.el9_5.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-28.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-3.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.11.0-22.el9_0.13 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:1.12.0-14.el9_2.10 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.13.1-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2025-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T16:16:54.221297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T16:17:05.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:13:07.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250516-0005/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
              "defaultStatus": "unaffected",
              "packageName": "xserver",
              "versions": [
                {
                  "lessThan": "21.1.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.1.6",
                  "status": "affected",
                  "version": "22.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-25.el6_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-36.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.4-30.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-15.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-15.el8_2.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.1-1.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-28.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-3.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-22.el9_0.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-14.el9_2.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:37:14.207Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:2500",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2500"
            },
            {
              "name": "RHSA-2025:2502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2502"
            },
            {
              "name": "RHSA-2025:2861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2861"
            },
            {
              "name": "RHSA-2025:2862",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2862"
            },
            {
              "name": "RHSA-2025:2865",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2865"
            },
            {
              "name": "RHSA-2025:2866",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2866"
            },
            {
              "name": "RHSA-2025:2873",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2873"
            },
            {
              "name": "RHSA-2025:2874",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2874"
            },
            {
              "name": "RHSA-2025:2875",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2875"
            },
            {
              "name": "RHSA-2025:2879",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2879"
            },
            {
              "name": "RHSA-2025:2880",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2880"
            },
            {
              "name": "RHSA-2025:3976",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3976"
            },
            {
              "name": "RHSA-2025:7163",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7163"
            },
            {
              "name": "RHSA-2025:7165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7165"
            },
            {
              "name": "RHSA-2025:7458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7458"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-26600"
            },
            {
              "name": "RHBZ#2345252",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T14:15:01.957Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xorg: xwayland: use-after-free in playreleasedevents()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-26600",
        "datePublished": "2025-02-25T15:55:20.421Z",
        "dateReserved": "2025-02-12T14:12:22.796Z",
        "dateUpdated": "2026-06-29T20:37:14.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4948 (GCVE-0-2025-4948)

    Vulnerability from cvelistv5 – Published: 2025-05-19 15:55 – Updated: 2026-06-30 14:27
    VLAI
    Title
    Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
    Summary
    A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0.6 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-05-19 00:00
    Credits
    Red Hat would like to thank fouzhe and zkbytes for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4948",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T14:27:25.331569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T14:27:36.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/449"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank fouzhe and zkbytes for reporting this issue."
            }
          ],
          "datePublic": "2025-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T10:40:26.292Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8128"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-4948"
            },
            {
              "name": "RHBZ#2367183",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-19T05:22:19.904Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-05-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, Red Hat recommends avoiding the use of libsoup with untrusted or unauthenticated multipart HTTP message sources until updated packages are available. Administrators can deploy application-level filters or HTTP proxies that reject malformed multipart requests. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this integer underflow vulnerability and restore the stability of affected services."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-4948",
        "datePublished": "2025-05-19T15:55:46.230Z",
        "dateReserved": "2025-05-19T06:24:43.391Z",
        "dateUpdated": "2026-06-30T14:27:36.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46421 (GCVE-0-2025-46421)

    Vulnerability from cvelistv5 – Published: 2025-04-24 13:01 – Updated: 2026-06-30 03:06
    VLAI
    Title
    Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server
    Summary
    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:4439 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4440 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4538 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4560 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4624 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7436 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7505 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-46421 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2361962 issue-trackingx_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T13:12:43.291380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-29T13:32:41.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:06:47.188Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-46421"
            },
            {
              "name": "RHBZ#2361962",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361962"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-24T01:35:00.884Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-46421",
        "datePublished": "2025-04-24T13:01:24.589Z",
        "dateReserved": "2025-04-24T01:37:42.413Z",
        "dateUpdated": "2026-06-30T03:06:47.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46420 (GCVE-0-2025-46420)

    Vulnerability from cvelistv5 – Published: 2025-04-24 12:58 – Updated: 2026-06-30 03:06
    VLAI
    Title
    Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
    Summary
    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:4439 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4440 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4538 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4560 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4624 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7436 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-46420 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2361963 issue-trackingx_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libsoup/-/issues/438
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.3 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T13:14:47.382231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-29T13:33:33.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:06:44.572Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-46420"
            },
            {
              "name": "RHBZ#2361963",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-24T01:33:03.009Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-46420",
        "datePublished": "2025-04-24T12:58:01.121Z",
        "dateReserved": "2025-04-24T01:37:42.412Z",
        "dateUpdated": "2026-06-30T03:06:44.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32911 (GCVE-0-2025-32911)

    Vulnerability from cvelistv5 – Published: 2025-04-15 15:39 – Updated: 2026-06-29 21:26
    VLAI
    Title
    Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
    Summary
    A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-590 - Free of Memory not on the Heap
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.3 (semver)
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32911",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T15:57:21.589990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T15:57:38.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:44.770Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-590",
                  "description": "Free of Memory not on the Heap",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T21:26:53.846Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32911"
            },
            {
              "name": "RHBZ#2359355",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/433"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:21:00.518Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: double free on  soup_message_headers_get_content_disposition() through  \"soup-message-headers.c\" via \"params\" ghashtable value",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-590: Free of Memory not on the Heap"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32911",
        "datePublished": "2025-04-15T15:39:34.919Z",
        "dateReserved": "2025-04-14T01:59:13.827Z",
        "dateUpdated": "2026-06-29T21:26:53.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32914 (GCVE-0-2025-32914)

    Vulnerability from cvelistv5 – Published: 2025-04-14 14:45 – Updated: 2026-06-30 00:34
    VLAI
    Title
    Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
    Summary
    A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:05:22.790979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T15:05:37.281Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:48.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:34:22.983Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32914"
            },
            {
              "name": "RHBZ#2359358",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359358"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/436"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:21:01.384Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: oob read on libsoup through function  \"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or  exit of process",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32914",
        "datePublished": "2025-04-14T14:45:46.300Z",
        "dateReserved": "2025-04-14T01:59:13.828Z",
        "dateUpdated": "2026-06-30T00:34:22.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32906 (GCVE-0-2025-32906)

    Vulnerability from cvelistv5 – Published: 2025-04-14 13:58 – Updated: 2026-06-29 20:39
    VLAI
    Title
    Libsoup: out of bounds reads in soup_headers_parse_request()
    Summary
    A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T14:13:49.519508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:06:07.759Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:40.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:39:25.195Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32906"
            },
            {
              "name": "RHBZ#2359341",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359341"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:27:05.130Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: out of bounds reads in soup_headers_parse_request()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation was found for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32906",
        "datePublished": "2025-04-14T13:58:39.718Z",
        "dateReserved": "2025-04-14T01:37:48.152Z",
        "dateUpdated": "2026-06-29T20:39:25.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32913 (GCVE-0-2025-32913)

    Vulnerability from cvelistv5 – Published: 2025-04-14 13:37 – Updated: 2026-06-29 20:39
    VLAI
    Title
    Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header
    Summary
    A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.2 (semver)
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32913",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:54:02.941942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:54:31.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:47.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:39:38.676Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:4439",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4439"
            },
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4538",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4538"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:4609",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4609"
            },
            {
              "name": "RHSA-2025:4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4624"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32913"
            },
            {
              "name": "RHBZ#2359357",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359357"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/435"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-14T01:21:01.010Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: null pointer dereference in  soup_message_headers_get_content_disposition when \"filename\" parameter  is present, but has no value in content-disposition header",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32913",
        "datePublished": "2025-04-14T13:37:36.587Z",
        "dateReserved": "2025-04-14T01:59:13.827Z",
        "dateUpdated": "2026-06-29T20:39:38.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32053 (GCVE-0-2025-32053)

    Vulnerability from cvelistv5 – Published: 2025-04-03 13:37 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
    Summary
    A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.1 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:04:01.420300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:04:16.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:16.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:56.673Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32053"
            },
            {
              "name": "RHBZ#2357070",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357070"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/426"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:16:47.321Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32053",
        "datePublished": "2025-04-03T13:37:39.054Z",
        "dateReserved": "2025-04-03T01:42:14.135Z",
        "dateUpdated": "2026-06-30T00:33:56.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32052 (GCVE-0-2025-32052)

    Vulnerability from cvelistv5 – Published: 2025-04-03 13:37 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: heap buffer overflow in sniff_unknown()
    Summary
    A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.1 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:44:39.371468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:45:08.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:15.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:56.608Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32052"
            },
            {
              "name": "RHBZ#2357069",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357069"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/425"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:16:47.177Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: heap buffer overflow in sniff_unknown()",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32052",
        "datePublished": "2025-04-03T13:37:23.109Z",
        "dateReserved": "2025-04-03T01:42:14.135Z",
        "dateUpdated": "2026-06-30T00:33:56.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32050 (GCVE-0-2025-32050)

    Vulnerability from cvelistv5 – Published: 2025-04-03 13:36 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: integer overflow in append_param_quoted
    Summary
    A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.1 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.8-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.10-1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:56:24.491360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:57:28.366Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:53:14.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-freetype",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "spice-client-win",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-127",
                  "description": "Buffer Under-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:51.130Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4440",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4440"
            },
            {
              "name": "RHSA-2025:4508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4508"
            },
            {
              "name": "RHSA-2025:4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4560"
            },
            {
              "name": "RHSA-2025:4568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4568"
            },
            {
              "name": "RHSA-2025:7436",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7436"
            },
            {
              "name": "RHSA-2025:8292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8292"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32050"
            },
            {
              "name": "RHBZ#2357067",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357067"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/424"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:17:42.454Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: integer overflow in append_param_quoted",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-127: Buffer Under-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32050",
        "datePublished": "2025-04-03T13:36:29.141Z",
        "dateReserved": "2025-04-03T01:42:14.135Z",
        "dateUpdated": "2026-06-30T00:33:51.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32049 (GCVE-0-2025-32049)

    Vulnerability from cvelistv5 – Published: 2025-04-03 13:36 – Updated: 2026-06-30 00:33
    VLAI
    Title
    Libsoup: denial of service attack to websocket server
    Summary
    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.6.4 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0.6 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T14:58:16.040953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T14:58:32.619Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T00:33:49.421Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8128"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-32049"
            },
            {
              "name": "RHBZ#2357066",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/390"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:16:46.830Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: denial of service attack to websocket server",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-32049",
        "datePublished": "2025-04-03T13:36:13.035Z",
        "dateReserved": "2025-04-03T01:42:14.134Z",
        "dateUpdated": "2026-06-30T00:33:49.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3155 (GCVE-0-2025-3155)

    Vulnerability from cvelistv5 – Published: 2025-04-03 13:34 – Updated: 2026-06-29 20:36
    VLAI
    Title
    Yelp: arbitrary file read
    Summary
    A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 42.2-8 (rpm)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 2:3.28.1-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.28.0-2.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 2:3.28.1-3.el8_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 2:3.28.1-3.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/a:redhat:rhel_eus:8.8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:40.3-2.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:40.3-2.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:40.3-2.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 2:40.3-2.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3155",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T12:58:45.628086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T12:59:45.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-28T20:03:22.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/04/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/yelp/",
              "defaultStatus": "unaffected",
              "packageName": "yelp",
              "versions": [
                {
                  "lessThan": "42.2-8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.28.0-2.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:36:07.629Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4450",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4450"
            },
            {
              "name": "RHSA-2025:4451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4451"
            },
            {
              "name": "RHSA-2025:4455",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4455"
            },
            {
              "name": "RHSA-2025:4456",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4456"
            },
            {
              "name": "RHSA-2025:4457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4457"
            },
            {
              "name": "RHSA-2025:4505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4505"
            },
            {
              "name": "RHSA-2025:4532",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4532"
            },
            {
              "name": "RHSA-2025:7430",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7430"
            },
            {
              "name": "RHSA-2025:7569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7569"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-3155"
            },
            {
              "name": "RHBZ#2357091",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357091"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/yelp/-/issues/221"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:57:56.192Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Yelp: arbitrary file read",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-3155",
        "datePublished": "2025-04-03T13:34:18.878Z",
        "dateReserved": "2025-04-03T02:00:30.674Z",
        "dateUpdated": "2026-06-29T20:36:07.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2784 (GCVE-0-2025-2784)

    Vulnerability from cvelistv5 – Published: 2025-04-03 01:40 – Updated: 2026-06-30 03:15
    VLAI
    Title
    Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
    Summary
    A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.6.5 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.6.5-3.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-9.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.62.2-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.62.3-9.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.62.3-1.el8_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.62.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:2.62.3-3.el8_8.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.72.0-10.el9_6.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.72.0-8.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.72.0-8.el9_2.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.72.0-8.el9_4.5 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2784",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T13:36:03.192367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T13:36:07.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:46:38.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup/",
              "defaultStatus": "unaffected",
              "packageName": "libsoup",
              "versions": [
                {
                  "lessThan": "3.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup3",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.5-3.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-9.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.2-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-9.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-1.el8_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.62.3-3.el8_8.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-10.el9_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_2.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.72.0-8.el9_4.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libsoup",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T03:15:48.386Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21657"
            },
            {
              "name": "RHSA-2025:7505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7505"
            },
            {
              "name": "RHSA-2025:8126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8126"
            },
            {
              "name": "RHSA-2025:8132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8132"
            },
            {
              "name": "RHSA-2025:8139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8139"
            },
            {
              "name": "RHSA-2025:8140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8140"
            },
            {
              "name": "RHSA-2025:8252",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8252"
            },
            {
              "name": "RHSA-2025:8480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8480"
            },
            {
              "name": "RHSA-2025:8481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8481"
            },
            {
              "name": "RHSA-2025:8482",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8482"
            },
            {
              "name": "RHSA-2025:8663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8663"
            },
            {
              "name": "RHSA-2025:9179",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9179"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-2784"
            },
            {
              "name": "RHBZ#2354669",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-25T01:57:31.752Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-2784",
        "datePublished": "2025-04-03T01:40:12.164Z",
        "dateReserved": "2025-03-25T01:57:20.112Z",
        "dateUpdated": "2026-06-30T03:15:48.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8176 (GCVE-0-2024-8176)

    Vulnerability from cvelistv5 – Published: 2025-03-14 08:19 – Updated: 2026-06-29 23:24
    VLAI
    Title
    Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
    Summary
    A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22033 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22034 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22607 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22785 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22842 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22871 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3531 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3913 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4048 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4446 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4447 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4448 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4449 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7444 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:7512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8385 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-8176 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2310137 issue-trackingx_refsource_REDHAT
    https://github.com/libexpat/libexpat/issues/893
    https://github.com/libexpat/libexpat/pull/973
    http://www.openwall.com/lists/oss-security/2025/03/15/1
    https://blog.hartwork.org/posts/expat-2-7-0-released/
    https://github.com/libexpat/libexpat/blob/R_2_7_0…
    https://bugzilla.suse.com/show_bug.cgi?id=1239618
    https://ubuntu.com/security/CVE-2024-8176
    https://security-tracker.debian.org/tracker/CVE-2…
    https://gitlab.alpinelinux.org/alpine/aports/-/co…
    https://security.netapp.com/advisory/ntap-2025032…
    https://www.kb.cert.org/vuls/id/760160
    http://seclists.org/fulldisclosure/2025/May/12
    http://seclists.org/fulldisclosure/2025/May/11
    http://seclists.org/fulldisclosure/2025/May/10
    http://seclists.org/fulldisclosure/2025/May/8
    http://seclists.org/fulldisclosure/2025/May/7
    http://seclists.org/fulldisclosure/2025/May/6
    http://www.openwall.com/lists/oss-security/2025/0…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.7.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.7.1-1.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.2.5-17.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.51.0-11.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.2.10-1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.51.0-5.el8_2.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.2.10-1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.51.0-5.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.2.10-1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:1.51.0-5.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:1.51.0-5.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.2.10-1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.51.0-6.el8_6.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.2.10-1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.51.0-6.el8_6.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.2.10-1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.51.0-6.el8_6.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:1.51.0-8.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.2.10-1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.2.10-1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.5.0-3.el9_5.3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.5.0-5.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.2.10-12.el9_0.4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.5.0-1.el9_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.5.0-2.el9_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services 2.4.62.SP1     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat DevWorkspace Operator 0.33 Unaffected: 0.33-1744075017 , < * (rpm)
        cpe:/a:redhat:devworkspace:0.33::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 1.14 Unaffected: 1.14.3-1748529279 , < * (rpm)
        cpe:/a:redhat:discovery:1.14::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 1.14 Unaffected: 1.14.2-1748467619 , < * (rpm)
        cpe:/a:redhat:discovery:1.14::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-03-13 13:51
    Credits
    This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8176",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T13:13:22.690073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T13:14:00.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:09:04.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/03/15/1"
              },
              {
                "url": "https://blog.hartwork.org/posts/expat-2-7-0-released/"
              },
              {
                "url": "https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52"
              },
              {
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1239618"
              },
              {
                "url": "https://ubuntu.com/security/CVE-2024-8176"
              },
              {
                "url": "https://security-tracker.debian.org/tracker/CVE-2024-8176"
              },
              {
                "url": "https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250328-0009/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/760160"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/12"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/11"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/10"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/8"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/7"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/09/24/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libexpat/libexpat/",
              "defaultStatus": "unaffected",
              "packageName": "libexpat",
              "versions": [
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.7.1-1.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.5-17.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-11.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-5.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-6.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-6.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-6.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "xmlrpc-c",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.51.0-8.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-3.el9_5.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-3.el9_5.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.10-12.el9_0.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.el9_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-2.el9_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "expat",
              "product": "Red Hat JBoss Core Services 2.4.62.SP1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:devworkspace:0.33::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "devworkspace/devworkspace-project-clone-rhel9",
              "product": "DevWorkspace Operator 0.33",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.33-1744075017",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 1.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.14.3-1748529279",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Red Hat Discovery 1.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.14.2-1748467619",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "compat-expat1",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "expat",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "thunderbird",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "lua-expat",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-expat",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "thunderbird",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "firefox:flatpak/firefox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "thunderbird",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "thunderbird:flatpak/thunderbird",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat)."
            }
          ],
          "datePublic": "2025-03-13T13:51:54.957Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T23:24:12.917Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:13681",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13681"
            },
            {
              "name": "RHSA-2025:22033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22033"
            },
            {
              "name": "RHSA-2025:22034",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22034"
            },
            {
              "name": "RHSA-2025:22035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22035"
            },
            {
              "name": "RHSA-2025:22607",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22607"
            },
            {
              "name": "RHSA-2025:22785",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22785"
            },
            {
              "name": "RHSA-2025:22842",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22842"
            },
            {
              "name": "RHSA-2025:22871",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22871"
            },
            {
              "name": "RHSA-2025:3531",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3531"
            },
            {
              "name": "RHSA-2025:3734",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3734"
            },
            {
              "name": "RHSA-2025:3913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3913"
            },
            {
              "name": "RHSA-2025:4048",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4048"
            },
            {
              "name": "RHSA-2025:4446",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4446"
            },
            {
              "name": "RHSA-2025:4447",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4447"
            },
            {
              "name": "RHSA-2025:4448",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4448"
            },
            {
              "name": "RHSA-2025:4449",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4449"
            },
            {
              "name": "RHSA-2025:7444",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7444"
            },
            {
              "name": "RHSA-2025:7512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7512"
            },
            {
              "name": "RHSA-2025:8385",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8385"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8176"
            },
            {
              "name": "RHBZ#2310137",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
            },
            {
              "url": "https://github.com/libexpat/libexpat/issues/893"
            },
            {
              "url": "https://github.com/libexpat/libexpat/pull/973"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-13T13:51:54.957Z",
              "value": "Made public."
            }
          ],
          "title": "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8176",
        "datePublished": "2025-03-14T08:19:48.962Z",
        "dateReserved": "2024-08-26T12:36:40.985Z",
        "dateUpdated": "2026-06-29T23:24:12.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }