Description
A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
Problem types
Missing Release of Memory after Effective Lifetime
Product status
Any version before 3.6.3
0:2.62.3-8.el8_10 (rpm) before *
0:2.62.3-8.el8_10 (rpm) before *
0:2.62.3-1.el8_2.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_4.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-2.el8_6.4 (rpm) before *
0:2.62.3-3.el8_8.4 (rpm) before *
0:2.72.0-10.el9_6.1 (rpm) before *
0:2.72.0-8.el9_0.4 (rpm) before *
0:2.72.0-8.el9_2.4 (rpm) before *
0:2.72.0-8.el9_4.4 (rpm) before *
Timeline
| 2025-04-24: | Reported to Red Hat. |
| 2025-04-24: | Made public. |
References
access.redhat.com/errata/RHSA-2025:4439 (RHSA-2025:4439)
access.redhat.com/errata/RHSA-2025:4440 (RHSA-2025:4440)
access.redhat.com/errata/RHSA-2025:4508 (RHSA-2025:4508)
access.redhat.com/errata/RHSA-2025:4538 (RHSA-2025:4538)
access.redhat.com/errata/RHSA-2025:4560 (RHSA-2025:4560)
access.redhat.com/errata/RHSA-2025:4568 (RHSA-2025:4568)
access.redhat.com/errata/RHSA-2025:4609 (RHSA-2025:4609)
access.redhat.com/errata/RHSA-2025:4624 (RHSA-2025:4624)
access.redhat.com/errata/RHSA-2025:7436 (RHSA-2025:7436)
access.redhat.com/security/cve/CVE-2025-46420
bugzilla.redhat.com/show_bug.cgi?id=2361963 (RHBZ#2361963)
gitlab.gnome.org/GNOME/libsoup/-/issues/438