CVE-2025-2784

CWE-125 — Out-of-bounds Read11 documents8 sources

Severity

6.5MEDIUM

EPSS

2.1%

top 15.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libsoup Redhat Codeready Linux Builder Redhat Codeready Linux Builder FOR Arm64 +18 more

Timeline

PublishedApr 3

Latest updateJun 11

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages8 packages

▶NVDgnome/libsoup< 3.6.5

▶Debianlibsoup3< 3.2.3-0+deb12u1+2

▶Ubuntulibsoup3< 3.4.4-5ubuntu0.2+1

▶Debianlibsoup2.4< 2.72.0-2+deb11u2+1

▶Ubuntulibsoup2.4< 2.70.0-1ubuntu0.2+2

Also affects: Enterprise Linux 10.0, 8.0, 9.0, 8.8, 9.2, 9.4, 9.6, 8.2, 8.4, 8.6

🔴Vulnerability Details

OSV

libsoup2.4 vulnerabilities↗2025-06-11

▶

OSV

libsoup2.4, libsoup3 vulnerabilities↗2025-04-10

▶

GHSA

GHSA-5qxx-2mqf-3v7g: A flaw was found in libsoup↗2025-04-03

▶

OSV

CVE-2025-2784: A flaw was found in libsoup↗2025-04-03

▶

CVEList

Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content↗2025-04-03

▶

📋Vendor Advisories

Ubuntu

libsoup vulnerabilities↗2025-06-11

▶

Ubuntu

libsoup vulnerabilities↗2025-04-10

▶

Microsoft

Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content↗2025-04-08

▶

Red Hat

libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content↗2025-03-25

▶

Debian

CVE-2025-2784: libsoup2.4 - A flaw was found in libsoup. The package is vulnerable to a heap buffer over-rea...↗2025

▶