Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Published

2025-04-03T03:15:18.113

Last Modified

2025-06-20T15:26:29.143

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	libsoup	< 3.6.5	Yes
Application	redhat	codeready_linux_builder	10.0	Yes
Application	redhat	codeready_linux_builder_for_arm64	10.0_aarch64	Yes
Application	redhat	codeready_linux_builder_for_arm64_eus	10.0_aarch64	Yes
Application	redhat	codeready_linux_builder_for_ibm_z_systems	10.0_s390x	Yes
Application	redhat	codeready_linux_builder_for_ibm_z_systems_eus	10.0_s390x	Yes
Application	redhat	codeready_linux_builder_for_power_little_endian	10.0_ppc64le	Yes
Application	redhat	codeready_linux_builder_for_power_little_endian_eus	10.0_ppc64le	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux	10.0	Yes
Operating System	redhat	enterprise_linux_eus	8.8	Yes
Operating System	redhat	enterprise_linux_eus	9.2	Yes
Operating System	redhat	enterprise_linux_eus	9.4	Yes
Operating System	redhat	enterprise_linux_eus	9.6	Yes
Operating System	redhat	enterprise_linux_eus	10.0	Yes
Operating System	redhat	enterprise_linux_for_arm_64	8.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64	9.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64	10.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.2_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.6_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	10.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	10.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.2_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.6_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	10.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	10.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.8_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	10.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	8.2	Yes
Operating System	redhat	enterprise_linux_server_aus	8.4	Yes
Operating System	redhat	enterprise_linux_server_aus	8.6	Yes
Operating System	redhat	enterprise_linux_server_aus	9.2	Yes
Operating System	redhat	enterprise_linux_server_aus	9.4	Yes
Operating System	redhat	enterprise_linux_server_aus	9.6	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_tus	8.6	Yes
Operating System	redhat	enterprise_linux_server_tus	8.8	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	8.8	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.0	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.2	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.4	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.6	Yes

References

https://access.redhat.com/errata/RHSA-2025:7505 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8126 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8132 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8139 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8140 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8252 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8480 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8481 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8482 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:8663 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:9179 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2025-2784 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2354669 Third Party Advisory ([email protected])
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 Exploit, Issue Tracking ([email protected])
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 Exploit, Issue Tracking (134c704f-9b21-4f2e-91b3-4a467353bcc0)