Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-32907

Опубликовано: 14 апр. 2025
Источник: debian
EPSS Низкий

Описание

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsoup3fixed3.6.5-2package
libsoup3no-dsabookwormpackage
libsoup2.4unfixedpackage
libsoup2.4no-dsabookwormpackage

Примечания

  • https://gitlab.gnome.org/GNOME/libsoup/-/issues/428

  • See also https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452

  • Upstream also claims there are multiple worse DoS problems, so questions the usefulness of this fix.

EPSS

Процентиль: 32%
0.00122
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-32907

CVSS3: 5.3
ubuntu
4 месяца назад

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

redhat логотип

CVE-2025-32907

CVSS3: 5.3
redhat
4 месяца назад

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

nvd логотип

CVE-2025-32907

CVSS3: 5.3
nvd
4 месяца назад

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

msrc логотип

CVE-2025-32907

CVSS3: 5.3
msrc
30 дней назад

Описание отсутствует

github логотип

GHSA-7wfq-7p2f-6344

CVSS3: 7.5
github
4 месяца назад

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory.

EPSS

Процентиль: 32%
0.00122
Низкий