Debian Libsoup3 vulnerabilities
47 known vulnerabilities affecting debian/libsoup3.
Total CVEs: 47
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 12, MEDIUM 27, LOW 7
Vulnerabilities
Page 3 of 3
CVE-2025-32051 | LOW | CVSS 5.9 | fixed in libsoup3 3.2.3-0+deb12u1 (bookworm) | 2025
CVE-2025-32051 [MEDIUM] CVE-2025-32051: libsoup2.4 - A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may...
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing a malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
Scope: local
bookworm: resolved
bullseye: resolved
trixie: resolved
debian
CVE-2025-32908 | LOW | CVSS 7.5 | fixed in libsoup3 3.6.5-2 (forky) | 2025
CVE-2025-32908 [HIGH] CVE-2025-32908: libsoup2.4 - A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate...
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).
Scope: local
bookworm: resolved
bullseye: resolved
trixie: resolved
debian
CVE-2025-4945 | LOW | CVSS 3.7 | fixed in libsoup2.4 2.72.0-2+deb11u3 (bullseye) | 2025
CVE-2025-4945 [LOW] CVE-2025-4945: libsoup2.4 - A flaw was found in the cookie parsing logic of the libsoup HTTP library, used i...
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persis
debian
CVE-2025-12105 | LOW | CVSS 7.5 | fixed in libsoup3 3.6.5-6 (forky) | 2025
CVE-2025-12105 [HIGH] CVE-2025-12105: libsoup2.4 - A flaw was found in the asynchronous message queue handling of the libsoup libra...
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory acces
debian
CVE-2024-52530 | HIGH | CVSS 7.5 | fixed in libsoup2.4 2.74.3-1+deb12u1 (bookworm) | 2024
CVE-2024-52530 [HIGH] CVE-2024-52530: libsoup2.4 - GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations ...
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Scope: local
bookworm: resolved (fixed in 2.74.3-1+deb12u1)
bullseye: resolved (fixed in 2.72.0-2+deb11u1)
trixie
debian
CVE-2024-52532 | HIGH | CVSS 7.5 | fixed in libsoup2.4 2.74.3-1+deb12u1 (bookworm) | 2024
CVE-2024-52532 [HIGH] CVE-2024-52532: libsoup2.4 - GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during ...
GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.
Scope: local
bookworm: resolved (fixed in 2.74.3-1+deb12u1)
bullseye: resolved (fixed in 2.72.0-2+deb11u1)
trixie: resolved (fixed in 2.74.3-8.1)
debian
CVE-2024-52531 | MEDIUM | CVSS 6.5 | fixed in libsoup2.4 2.74.3-1+deb12u1 (bookworm) | 2024
CVE-2024-52531 [MEDIUM] CVE-2024-52531: libsoup2.4 - GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform...
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
Scope: local
bookworm: resolved (fixed in 2.7
debian