Description
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
Problem types
Product status
Any version before 3.6.2
0:2.62.2-9.el7_9 (rpm) before *
0:2.62.2-6.el7_9 (rpm) before *
0:2.62.3-8.el8_10 (rpm) before *
0:2.8-3.el8_10.1 (rpm) before *
0:8.10-1 (rpm) before *
0:2.62.3-8.el8_10 (rpm) before *
0:2.62.3-1.el8_2.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-3.el8_8.4 (rpm) before *
0:2.72.0-10.el9_6.1 (rpm) before *
0:2.72.0-8.el9_0.4 (rpm) before *
0:2.72.0-8.el9_2.4 (rpm) before *
0:2.72.0-8.el9_4.4 (rpm) before *
Timeline
| 2025-04-14: | Reported to Red Hat. |
| 2025-04-14: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/04/msg00036.html
access.redhat.com/errata/RHSA-2025:21657 (RHSA-2025:21657)
access.redhat.com/errata/RHSA-2025:4439 (RHSA-2025:4439)
access.redhat.com/errata/RHSA-2025:4440 (RHSA-2025:4440)
access.redhat.com/errata/RHSA-2025:4508 (RHSA-2025:4508)
access.redhat.com/errata/RHSA-2025:4538 (RHSA-2025:4538)
access.redhat.com/errata/RHSA-2025:4560 (RHSA-2025:4560)
access.redhat.com/errata/RHSA-2025:4568 (RHSA-2025:4568)
access.redhat.com/errata/RHSA-2025:4609 (RHSA-2025:4609)
access.redhat.com/errata/RHSA-2025:4624 (RHSA-2025:4624)
access.redhat.com/errata/RHSA-2025:7436 (RHSA-2025:7436)
access.redhat.com/errata/RHSA-2025:8292 (RHSA-2025:8292)
access.redhat.com/errata/RHSA-2025:9179 (RHSA-2025:9179)
access.redhat.com/security/cve/CVE-2025-32913
bugzilla.redhat.com/show_bug.cgi?id=2359357 (RHBZ#2359357)