Описание
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
Меры по смягчению последствий
Currently, no mitigation was found for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libsoup | Out of support scope | ||
| Red Hat Enterprise Linux 8 | libsoup | Not affected | ||
| Red Hat Enterprise Linux 10 | libsoup3 | Fixed | RHSA-2025:8128 | 26.05.2025 |
| Red Hat Enterprise Linux 8 | mingw-freetype | Fixed | RHSA-2025:8292 | 29.05.2025 |
| Red Hat Enterprise Linux 8 | spice-client-win | Fixed | RHSA-2025:8292 | 29.05.2025 |
| Red Hat Enterprise Linux 9 | libsoup | Fixed | RHSA-2025:7436 | 13.05.2025 |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | libsoup | Fixed | RHSA-2025:4439 | 05.05.2025 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | libsoup | Fixed | RHSA-2025:4508 | 06.05.2025 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | libsoup | Fixed | RHSA-2025:4440 | 05.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
A flaw was found in libsoup. The implementation of HTTP range requests ...
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory.
Уязвимость библиотеки libsoup графического интерфейса GNOME, связанная с асимметричным потреблением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3