CVE-2025-32911

Published: 14 Apr 2025
Source: redhat
CVSS3: 9
EPSS: Low

Description

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

Mitigation

Currently, no mitigation is available for this vulnerability.

Affected packages

| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libsoup3 | Not affected | | |
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libsoup | Fixed | RHSA-2025:9179 | 17.06.2025 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2025:4560 | 06.05.2025 |
| Red Hat Enterprise Linux 8 | mingw-freetype | Fixed | RHSA-2025:8292 | 29.05.2025 |
| Red Hat Enterprise Linux 8 | spice-client-win | Fixed | RHSA-2025:8292 | 29.05.2025 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2025:4560 | 06.05.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libsoup | Fixed | RHSA-2025:4538 | 06.05.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |

Additional information

Status: Important
Defect: CWE-590
https://bugzilla.redhat.com/show_bug.cgi?id=2359355 libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

EPSS

Percentile: 28%
0.00097
Low

CVSS3: 9 Critical

Related vulnerabilities

CVSS3: 9
ubuntu
2 months ago

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

CVSS3: 9
nvd
2 months ago

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

CVSS3: 9
debian
2 months ago

A use-after-free type vulnerability was found in libsoup, in the soup_ ...

CVSS3: 9
github
2 months ago

A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

CVSS3: 9
fstec
2 months ago

A vulnerability in the soup_message_headers_get_content_disposition() function of the libsoup library of the GNOME graphical interface, allowing an attacker to execute arbitrary code
