CVE-2025-32053 | THREATINT

Description

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

Reserved 2025-04-03 | Published 2025-04-03 | Updated 2025-05-13 | Assigner redhat

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Problem types

Buffer Over-read

Product status

Default status

unaffected

Any version before 3.6.1

affected

Default status

affected

0:2.62.3-8.el8_10 before *

unaffected

Default status

affected

0:2.62.3-8.el8_10 before *

unaffected

Default status

affected

0:2.62.3-3.el8_8.4 before *

unaffected

Default status

affected

0:2.72.0-10.el9_6.1 before *

unaffected

Default status

affected

0:2.72.0-8.el9_2.4 before *

unaffected

Default status

affected

0:2.72.0-8.el9_4.4 before *

unaffected

Default status

unknown

Default status

unknown

Timeline

2025-04-03:	Reported to Red Hat.
2025-04-03:	Made public.

References

access.redhat.com/errata/RHSA-2025:4440 (RHSA-2025:4440) vendor-advisory

access.redhat.com/errata/RHSA-2025:4508 (RHSA-2025:4508) vendor-advisory

access.redhat.com/errata/RHSA-2025:4560 (RHSA-2025:4560) vendor-advisory

access.redhat.com/errata/RHSA-2025:4568 (RHSA-2025:4568) vendor-advisory

access.redhat.com/errata/RHSA-2025:7436 (RHSA-2025:7436) vendor-advisory

access.redhat.com/security/cve/CVE-2025-32053 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2357070 (RHBZ#2357070) issue-tracking

cve.org (CVE-2025-32053)

nvd.nist.gov (CVE-2025-32053)

Download JSON