Heap Buffer Over-read in Libsoup Affects Multiple Clients
CVE-2025-2784

7HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 April 2025

What is CVE-2025-2784?

A flaw exists in the Libsoup library, which is responsible for handling HTTP requests and responses. This vulnerability allows for a heap buffer over-read in the skip_insight_whitespace() function. When Libsoup clients process crafted HTTP responses from a malicious server, they may inadvertently read data beyond the allocated buffer. This could potentially expose sensitive information or result in unexpected behavior, highlighting the importance of patching and securing applications that utilize Libsoup.

References

https://access.redhat.com/security/cve/CVE-2025-2784

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2354669

issue-trackingx_refsource_REDHAT

https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Mar 25, 2025

Red Hat

What is CVE-2025-2784?

References

CVSS V3.1

Timeline