CVE-2025-4476
Libsoup: null pointer dereference in libsoup may lead to denial of service
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Libsoup: null pointer dereference in libsoup may lead to denial of service
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
Reserved 2025-05-08 | Published 2025-05-16 | Updated 2025-05-30 | Assigner redhat| 2025-05-15: | Reported to Red Hat. |
| 2025-05-08: | Made public. |
access.redhat.com/security/cve/CVE-2025-4476
bugzilla.redhat.com/show_bug.cgi?id=2366513 (RHBZ#2366513)
Support options
