CVE-2025-53603
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
References
- https://github.com/Alinto/sope/compare/SOGo-2.0.1...SOGo-2.0.2
- https://www.openwall.com/lists/oss-security/2025/07/02/3
- https://github.com/Alinto/sope/blob/3146fbdb6ff3314e37e5c3682deeeef7d0f32064/so…
- https://github.com/Alinto/sope/pull/69
- https://github.com/Alinto/sope/commit/280104e45c20519ac4849ebf8bca114d91383543
- https://www.openwall.com/lists/oss-security/2025/07/02/3 exploit
- http://www.openwall.com/lists/oss-security/2025/07/05/1
- https://lists.debian.org/debian-lts-announce/2025/08/msg00001.html
Affected products
SOPE
- =<5.12.2
Matching in nixpkgs
pkgs.sope
Extensive set of frameworks which form a complete Web application server environment
pkgs.mediastreamer-openh264
H.264 encoder/decoder plugin for mediastreamer2. Part of the Linphone project
pkgs.python312Packages.sopel
Simple and extensible IRC bot
pkgs.python313Packages.sopel
Simple and extensible IRC bot
pkgs.haskellPackages.HsOpenSSL
Partial OpenSSL binding for Haskell
pkgs.linphonePackages.msopenh264
H.264 encoder/decoder plugin for mediastreamer2. Part of the Linphone project
pkgs.haskellPackages.HsOpenSSL-x509-system
Use the system's native CA certificate store with HsOpenSSL
- nixos-unstable x509-system-0.1.0.4
- nixpkgs-unstable x509-system-0.1.0.4
- nixos-unstable-small x509-system-0.1.0.4
Package maintainers
- @jluttine Jaakko Luttinen <jaakko.luttinen@iki.fi>
- @mogorman Matthew O'Gorman <mog-lists@rldn.net>
- @jceb Jan Christoph Ebersbach <jceb@e-jc.de>
- @Naxdy Naxdy <naxdy@naxdy.org>