CVE-2025-2784 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Reserved 2025-03-25 | Published 2025-04-03 | Updated 2025-06-04 | Assigner redhat

HIGH: 7.0CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Problem types

Out-of-bounds Read

Product status

Default status

unaffected

Any version before 3.6.5

affected

Default status

affected

0:3.6.5-3.el10_0 before *

unaffected

Default status

affected

0:2.62.3-9.el8_10 before *

unaffected

Default status

affected

0:2.62.3-9.el8_10 before *

unaffected

Default status

affected

0:2.62.3-1.el8_2.5 before *

unaffected

Default status

affected

0:2.62.3-2.el8_6.5 before *

unaffected

Default status

affected

0:2.62.3-2.el8_6.5 before *

unaffected

Default status

affected

0:2.62.3-2.el8_6.5 before *

unaffected

Default status

affected

0:2.62.3-3.el8_8.5 before *

unaffected

Default status

affected

0:2.72.0-10.el9_6.2 before *

unaffected

Default status

affected

0:2.72.0-8.el9_0.5 before *

unaffected

Default status

affected

0:2.72.0-8.el9_2.5 before *

unaffected

Default status

affected

0:2.72.0-8.el9_4.5 before *

unaffected

Default status

unknown

Default status

unknown

Timeline

2025-03-25:	Reported to Red Hat.
2025-03-25:	Made public.

References

access.redhat.com/errata/RHSA-2025:7505 (RHSA-2025:7505) vendor-advisory

access.redhat.com/errata/RHSA-2025:8126 (RHSA-2025:8126) vendor-advisory

access.redhat.com/errata/RHSA-2025:8132 (RHSA-2025:8132) vendor-advisory

access.redhat.com/errata/RHSA-2025:8139 (RHSA-2025:8139) vendor-advisory

access.redhat.com/errata/RHSA-2025:8140 (RHSA-2025:8140) vendor-advisory

access.redhat.com/errata/RHSA-2025:8252 (RHSA-2025:8252) vendor-advisory

access.redhat.com/errata/RHSA-2025:8480 (RHSA-2025:8480) vendor-advisory

access.redhat.com/errata/RHSA-2025:8481 (RHSA-2025:8481) vendor-advisory

access.redhat.com/errata/RHSA-2025:8482 (RHSA-2025:8482) vendor-advisory

access.redhat.com/security/cve/CVE-2025-2784 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2354669 (RHBZ#2354669) issue-tracking

gitlab.gnome.org/GNOME/libsoup/-/issues/422

cve.org (CVE-2025-2784)

nvd.nist.gov (CVE-2025-2784)

Download JSON

https://cve.threatint.eu/CVE/CVE-2025-2784

Support options

Helpdesk Chat, Email, Knowledgebase