NIXPKGS-2026-0034

GitHub issue published on 18 Jan 2026

Permalink CVE-2025-12105

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 3 months ago
@LeSuisse removed
2 packages
- tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"
- libsoup_2_4
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

Affected products

libsoup

=<3.6.5

libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>

Upstream fix: https://gitlab.gnome.org/GNOME/libsoup/-/commit/9ba1243a24e442fa5ec44684617a4480027da960

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0034

Affected products

Matching in nixpkgs

pkgs.libsoup_3

Package maintainers