CVE-2025-4969
published 2025-05-21CVE-2025-4969: A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLINAL
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsoup2.4 | < libsoup2.4 2.72.0-2+deb11u3 (bullseye) | libsoup2.4 2.72.0-2+deb11u3 (bullseye) |
| debian | libsoup3 | < libsoup2.4 2.72.0-2+deb11u3 (bullseye) | libsoup2.4 2.72.0-2+deb11u3 (bullseye) |
| msrc | azl3_libsoup_3.4.4-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-9_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
osv6.5MEDIUM