Memory Leak Vulnerability in libsoup Affects Red Hat Products
CVE-2025-46420

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 24 April 2025

Summary

A memory leak has been identified in the libsoup library, specifically within the soup_header_parse_quality_list() function. This vulnerability occurs when parsing a quality list that improperly includes elements set to zero, potentially leading to inefficient memory usage and application performance degradation over time. Users of affected versions are advised to take immediate action to mitigate potential impacts.

References

https://access.redhat.com/security/cve/CVE-2025-46420

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2361963

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Apr 24, 2025