Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged
(browse all)
Permalink CVE-2025-2784
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 5 months ago
  • @LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 2 weeks ago
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Affected products

libsoup
  • <3.6.5
  • *
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -

Package maintainers