7

CVE-2025-2784

Exploit

Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeLibsoup Version < 3.6.5
RedhatCodeready Linux Builder For Arm64 Version10.0_aarch64
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux Eus Version9.6
RedhatEnterprise Linux Eus Version10.0
RedhatEnterprise Linux For Arm 64 Version8.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Version10.0_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.8_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.6_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version10.0_aarch64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.517
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
secalert@redhat.com 7 2.2 4.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-2784
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2354669
Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
Exploit
Issue Tracking
https://access.redhat.com/errata/RHSA-2025:7505
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8126
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8139
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8132
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8140
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8252
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8480
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8481
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8482
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8663
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:9179
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
https://access.redhat.com/errata/RHSA-2025:21657