Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0034

NIXPKGS-2026-0034
published on
Permalink CVE-2025-12105
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 4 months ago by @LeSuisse Activity log
  • Created suggestion 6 months ago
  • @LeSuisse ignored
    2 packages
    • tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"
    • libsoup_2_4
    4 months ago
  • @LeSuisse accepted 4 months ago
  • @LeSuisse published on GitHub 4 months ago
Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

References

Affected products

libsoup
  • =<3.6.5
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

Ignored packages (2)

Package maintainers

Upstream fix: https://gitlab.gnome.org/GNOME/libsoup/-/commit/9ba1243a24e442fa5ec44684617a4480027da960