Heap Buffer Over-read in Libsoup Affects Multiple Clients
CVE-2025-2784

6.5MEDIUM

Key Information:

Vendor

Gnome
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Vendor
CVE Published:
3 April 2025

What is CVE-2025-2784?

A flaw exists in the Libsoup library, which is responsible for handling HTTP requests and responses. This vulnerability allows for a heap buffer over-read in the skip_insight_whitespace() function. When Libsoup clients process crafted HTTP responses from a malicious server, they may inadvertently read data beyond the allocated buffer. This could potentially expose sensitive information or result in unexpected behavior, highlighting the importance of patching and securing applications that utilize Libsoup.

References

https://access.redhat.com/errata/RHSA-2025:7505
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:8126
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:8132
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.