Description
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
Problem types
Product status
Any version before 3.6.5
0:3.6.5-3.el10_0 (rpm) before *
0:2.62.2-9.el7_9 (rpm) before *
0:2.62.2-6.el7_9 (rpm) before *
0:2.62.3-9.el8_10 (rpm) before *
0:2.62.3-9.el8_10 (rpm) before *
0:2.62.3-1.el8_2.5 (rpm) before *
0:2.62.3-2.el8_4.5 (rpm) before *
0:2.62.3-2.el8_6.5 (rpm) before *
0:2.62.3-2.el8_6.5 (rpm) before *
0:2.62.3-2.el8_6.5 (rpm) before *
0:2.62.3-3.el8_8.5 (rpm) before *
0:2.72.0-10.el9_6.2 (rpm) before *
0:2.72.0-8.el9_0.5 (rpm) before *
0:2.72.0-8.el9_2.5 (rpm) before *
0:2.72.0-8.el9_4.5 (rpm) before *
Timeline
| 2025-04-14: | Reported to Red Hat. |
| 2025-04-14: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/04/msg00036.html
access.redhat.com/errata/RHSA-2025:21657 (RHSA-2025:21657)
access.redhat.com/errata/RHSA-2025:7505 (RHSA-2025:7505)
access.redhat.com/errata/RHSA-2025:8126 (RHSA-2025:8126)
access.redhat.com/errata/RHSA-2025:8132 (RHSA-2025:8132)
access.redhat.com/errata/RHSA-2025:8139 (RHSA-2025:8139)
access.redhat.com/errata/RHSA-2025:8140 (RHSA-2025:8140)
access.redhat.com/errata/RHSA-2025:8252 (RHSA-2025:8252)
access.redhat.com/errata/RHSA-2025:8480 (RHSA-2025:8480)
access.redhat.com/errata/RHSA-2025:8481 (RHSA-2025:8481)
access.redhat.com/errata/RHSA-2025:8482 (RHSA-2025:8482)
access.redhat.com/errata/RHSA-2025:8663 (RHSA-2025:8663)
access.redhat.com/errata/RHSA-2025:9179 (RHSA-2025:9179)
access.redhat.com/security/cve/CVE-2025-32914
bugzilla.redhat.com/show_bug.cgi?id=2359358 (RHBZ#2359358)
gitlab.gnome.org/GNOME/libsoup/-/issues/436