CVE-2025-32050

Description

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

Reserved 2025-04-03 | Published 2025-04-03 | Updated 2025-05-29 | Assigner redhat

Problem types

Buffer Under-read

Product status

Default status
unaffected

Any version before 3.6.1
affected

Default status
affected

0:2.62.3-8.el8_10 before *
unaffected

Default status
affected

0:2.8-3.el8_10.1 before *
unaffected

Default status
affected

0:8.10-1 before *
unaffected

Default status
affected

0:2.62.3-8.el8_10 before *
unaffected

Default status
affected

0:2.62.3-3.el8_8.4 before *
unaffected

Default status
affected

0:2.72.0-10.el9_6.1 before *
unaffected

Default status
affected

0:2.72.0-8.el9_2.4 before *
unaffected

Default status
affected

0:2.72.0-8.el9_4.4 before *
unaffected

Default status
unaffected

Default status
unknown

Default status
unknown

Timeline

2025-04-03:	Reported to Red Hat.
2025-04-03:	Made public.

References

access.redhat.com/errata/RHSA-2025:4440 (RHSA-2025:4440) vendor-advisory

access.redhat.com/errata/RHSA-2025:4508 (RHSA-2025:4508) vendor-advisory

access.redhat.com/errata/RHSA-2025:4560 (RHSA-2025:4560) vendor-advisory

access.redhat.com/errata/RHSA-2025:4568 (RHSA-2025:4568) vendor-advisory

access.redhat.com/errata/RHSA-2025:7436 (RHSA-2025:7436) vendor-advisory

access.redhat.com/errata/RHSA-2025:8292 (RHSA-2025:8292) vendor-advisory

access.redhat.com/security/cve/CVE-2025-32050 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2357067 (RHBZ#2357067) issue-tracking

cve.org (CVE-2025-32050)

nvd.nist.gov (CVE-2025-32050)

Download JSON