CVE-2025-32049

Опубликовано: 03 апр. 2025

Источник: debian

Описание

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

Пакеты

Пакет	Статус	Релиз	Тип
libsoup3	unfixed		package
libsoup3	no-dsa	bookworm	package
libsoup2.4	unfixed		package
libsoup2.4	no-dsa	bookworm	package

Примечания

https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408
Proposed fix adds an option with the default retaining old behaviour:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070

Связанные уязвимости

CVE-2025-32049

CVSS3: 7.5

ubuntu

3 месяца назад

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

CVE-2025-32049

CVSS3: 7.5

redhat

3 месяца назад

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

CVE-2025-32049

CVSS3: 7.5

nvd

3 месяца назад

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

GHSA-fqvp-p5gx-qqhg

CVSS3: 7.5

github

3 месяца назад

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

ELSA-2025-8132

oracle-oval

24 дня назад

ELSA-2025-8132: libsoup security update (IMPORTANT)