Description
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
Problem types
Product status
Any version before 3.6.5
0:3.6.5-3.el10_0 (rpm) before *
0:2.62.2-9.el7_9 (rpm) before *
0:2.62.2-6.el7_9 (rpm) before *
0:2.62.3-8.el8_10 (rpm) before *
0:2.8-3.el8_10.1 (rpm) before *
0:8.10-1 (rpm) before *
0:2.62.3-8.el8_10 (rpm) before *
0:2.62.3-1.el8_2.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-3.el8_8.4 (rpm) before *
0:2.72.0-10.el9_6.1 (rpm) before *
0:2.72.0-8.el9_0.4 (rpm) before *
0:2.72.0-8.el9_2.4 (rpm) before *
0:2.72.0-8.el9_4.4 (rpm) before *
Timeline
| 2025-04-14: | Reported to Red Hat. |
| 2025-04-14: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/04/msg00036.html
access.redhat.com/errata/RHSA-2025:21657 (RHSA-2025:21657)
access.redhat.com/errata/RHSA-2025:4439 (RHSA-2025:4439)
access.redhat.com/errata/RHSA-2025:4440 (RHSA-2025:4440)
access.redhat.com/errata/RHSA-2025:4508 (RHSA-2025:4508)
access.redhat.com/errata/RHSA-2025:4538 (RHSA-2025:4538)
access.redhat.com/errata/RHSA-2025:4560 (RHSA-2025:4560)
access.redhat.com/errata/RHSA-2025:4568 (RHSA-2025:4568)
access.redhat.com/errata/RHSA-2025:4609 (RHSA-2025:4609)
access.redhat.com/errata/RHSA-2025:4624 (RHSA-2025:4624)
access.redhat.com/errata/RHSA-2025:7436 (RHSA-2025:7436)
access.redhat.com/errata/RHSA-2025:7505 (RHSA-2025:7505)
access.redhat.com/errata/RHSA-2025:8292 (RHSA-2025:8292)
access.redhat.com/errata/RHSA-2025:9179 (RHSA-2025:9179)
access.redhat.com/security/cve/CVE-2025-32906
bugzilla.redhat.com/show_bug.cgi?id=2359341 (RHBZ#2359341)