NIXPKGS-2026-0034

GitHub issue published on

Permalink CVE-2025-12105

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 2 months, 3 weeks ago
@LeSuisse removed package libsoup_2_4 2 months, 3 weeks ago
@LeSuisse accepted 2 months, 3 weeks ago
@LeSuisse published on GitHub 2 months, 3 weeks ago

Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

References

https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT
RHSA-2025:23139 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT
RHSA-2025:23139 x_refsource_REDHATvendor-advisory
RHSA-2025:23437 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT
RHSA-2025:23139 x_refsource_REDHATvendor-advisory
RHSA-2025:23437 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2025-12105 x_refsource_REDHATvdb-entry
RHBZ#2405992 issue-trackingx_refsource_REDHAT

Affected products

libsoup

=<3.6.5

libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>

Upstream fix: https://gitlab.gnome.org/GNOME/libsoup/-/commit/9ba1243a24e442fa5ec44684617a4480027da960

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0034

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

Package maintainers