Home

Description

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

PUBLISHED Reserved 2025-05-08 | Published 2025-05-16 | Updated 2026-05-06 | Assigner redhat




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem types

NULL Pointer Dereference

Product status

Default status
unaffected

Any version before 3.6.6
affected

Default status
affected

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Timeline

2025-05-15:Reported to Red Hat.
2025-05-08:Made public.

References

gitlab.gnome.org/GNOME/libsoup/-/work_items/440 exploit

access.redhat.com/security/cve/CVE-2025-4476 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2366513 (RHBZ#2366513) issue-tracking

gitlab.gnome.org/GNOME/libsoup/-/issues/440

cve.org (CVE-2025-4476)

nvd.nist.gov (CVE-2025-4476)

Download JSON