Описание
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Отчет
This MODERATE impact flaw in libsoup arises from an integer underflow when processing content with zero-length resources, leading to a buffer overread. This vulnerability could allow an attacker to potentially access sensitive information or cause an application-level denial of service. Red Hat Enterprise Linux and Fedora systems utilizing libsoup are affected when applications process such malformed content.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libsoup3 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | libsoup | Not affected | ||
| Red Hat Enterprise Linux 7 | libsoup | Not affected | ||
| Red Hat Enterprise Linux 8 | libsoup | Not affected | ||
| Red Hat Enterprise Linux 9 | libsoup | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Integer underflow in CVE-2025-32052 fix when resource_length=0
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
EPSS
6.5 Medium
CVSS3