Heap Buffer Over-read in Libsoup Affects Multiple Clients
CVE-2025-2784
7 HIGH
Summary
A flaw exists in the Libsoup library, which handles HTTP requests and responses. The vulnerability is a heap buffer over-read in the skip_insight_whitespace() function. When a Libsoup client processes a crafted HTTP response from a malicious server, it may read data beyond the allocated buffer. This could expose sensitive information or result in unexpected behavior, so applications that use Libsoup should be patched.
References
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved