PT-2025-14571 · Libsoup+11

Published: 2025-01-22 · Updated: 2025-11-18 · CVE-2025-2784

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified)

Description: A flaw was found in libsoup, making the package vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Over-read

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025:7505
ALSA-2025:8126
ALSA-2025:8132
ALT-PU-2025-8157
ALT-PU-2025-8699
ALT-PU-2025-9694
AZL-59535
AZL-59544
BDU:2025-05737
CESA-2025_8132
CVE-2025-2784
DLA-4140-1
INFSA-2025_8126
INFSA-2025_8132
MGASA-2025-0261
OESA-2025-1441
OPENSUSE-SU-2025:15018-1
OPENSUSE-SU-2025_1503-1
OPENSUSE-SU-2025_1504-1
OPENSUSE-SU-2025_1509-1
OPENSUSE-SU-2025_1510-1
RHSA-2025:7505
RHSA-2025:8126
RHSA-2025:8132
RHSA-2025:8139
RHSA-2025:8140
RHSA-2025:8252
RHSA-2025:8480
RHSA-2025:8481
RHSA-2025:8482
RHSA-2025:8663
RHSA-2025:9179
RHSA-2025_8126
RHSA-2025_8132
SUSE-SU-2025:01503-1
SUSE-SU-2025:01504-1
SUSE-SU-2025:1503-1
SUSE-SU-2025:1504-1
SUSE-SU-2025:1509-1
SUSE-SU-2025:1510-1
SUSE-SU-2025:1518-1
SUSE-SU-2025:1519-1
SUSE-SU-2025:20375-1
SUSE-SU-2025:20446-1
SUSE-SU-2025_01503-1
SUSE-SU-2025_01504-1
SUSE-SU-2025_1503-1
SUSE-SU-2025_1504-1
SUSE-SU-2025_1509-1
SUSE-SU-2025_1510-1
SUSE-SU-2025_1519-1
USN-7432-1
USN-7565-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libsoup