Описание
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
Меры по смягчению последствий
Currently, no mitigation was found for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libsoup | Affected | ||
| Red Hat Enterprise Linux 10 | libsoup3 | Fixed | RHSA-2025:7505 | 13.05.2025 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2025:4560 | 06.05.2025 |
| Red Hat Enterprise Linux 8 | mingw-freetype | Fixed | RHSA-2025:8292 | 29.05.2025 |
| Red Hat Enterprise Linux 8 | spice-client-win | Fixed | RHSA-2025:8292 | 29.05.2025 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2025:4560 | 06.05.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libsoup | Fixed | RHSA-2025:4538 | 06.05.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
A flaw was found in libsoup, where the soup_headers_parse_request() fu ...
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
EPSS
7.5 High
CVSS3