CVE-2025-11021

Опубликовано: 26 сент. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.

Релиз	Статус	Примечание
devel	released	2.74.3-10.1ubuntu4
esm-infra/bionic	released	2.62.1-1ubuntu0.4+esm6
esm-infra/focal	released	2.70.0-1ubuntu0.5+esm1
esm-infra/xenial	released	2.52.2-1ubuntu0.3+esm5
jammy	released	2.74.2-3ubuntu0.6
noble	released	2.74.3-6ubuntu1.6
plucky	released	2.74.3-10ubuntu0.4
questing	released	2.74.3-10.1ubuntu4
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
devel	released	3.6.5-3
esm-apps/jammy	released	3.0.7-0ubuntu1+esm5
jammy	needed
noble	released	3.4.4-5ubuntu0.5
plucky	released	3.6.5-1ubuntu0.2
questing	released	3.6.5-3
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 22%

0.00072

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-11021

CVSS3: 7.5

redhat

6 месяцев назад

CVE-2025-11021

CVSS3: 7.5

nvd

6 месяцев назад

CVE-2025-11021

CVSS3: 7.5

msrc

6 месяцев назад

Libsoup: out-of-bounds read in cookie date handling of libsoup http library

CVE-2025-11021

CVSS3: 7.5

debian

6 месяцев назад

A flaw was found in the cookie date handling logic of the libsoup HTTP ...

SUSE-SU-2025:3753-1

suse-cvrf

5 месяцев назад

Security update for libsoup

EPSS

Процентиль: 22%

0.00072

Низкий

7.5 High

CVSS3

CVE-2025-11021

Описание

Пакет libsoup2.4

Пакет libsoup3

Ссылки на источники

Связанные уязвимости