Nixpkgs security tracker

Untriaged

Permalink CVE-2025-32912

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication

A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.

References

https://access.redhat.com/security/cve/CVE-2025-32912 vdb-entryx_refsource_REDHAT
RHBZ#2359356 issue-trackingx_refsource_REDHAT
RHSA-2025:7505 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Affected products

libsoup

<3.6.5

libsoup3

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32909

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c

A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.

References

https://access.redhat.com/security/cve/CVE-2025-32909 vdb-entryx_refsource_REDHAT
RHBZ#2359353 issue-trackingx_refsource_REDHAT
RHSA-2025:8292 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Affected products

libsoup

<3.6.2

libsoup3

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32914

7.4 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

References

https://access.redhat.com/security/cve/CVE-2025-32914 vdb-entryx_refsource_REDHAT
RHBZ#2359358 issue-trackingx_refsource_REDHAT
RHSA-2025:7505 x_refsource_REDHATvendor-advisory
RHSA-2025:8126 x_refsource_REDHATvendor-advisory
RHSA-2025:8132 x_refsource_REDHATvendor-advisory
RHSA-2025:8139 x_refsource_REDHATvendor-advisory
RHSA-2025:8140 x_refsource_REDHATvendor-advisory
RHSA-2025:8252 x_refsource_REDHATvendor-advisory
RHSA-2025:8480 x_refsource_REDHATvendor-advisory
RHSA-2025:8481 x_refsource_REDHATvendor-advisory
RHSA-2025:8482 x_refsource_REDHATvendor-advisory
RHSA-2025:8663 x_refsource_REDHATvendor-advisory
RHSA-2025:9179 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
RHSA-2025:21657 x_refsource_REDHATvendor-advisory

Affected products

libsoup

<3.6.5
*

libsoup3

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32906

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.

References

https://access.redhat.com/security/cve/CVE-2025-32906 vdb-entryx_refsource_REDHAT
RHBZ#2359341 issue-trackingx_refsource_REDHAT
RHSA-2025:4439 x_refsource_REDHATvendor-advisory
RHSA-2025:4440 x_refsource_REDHATvendor-advisory
RHSA-2025:4508 x_refsource_REDHATvendor-advisory
RHSA-2025:4538 x_refsource_REDHATvendor-advisory
RHSA-2025:4560 x_refsource_REDHATvendor-advisory
RHSA-2025:4568 x_refsource_REDHATvendor-advisory
RHSA-2025:4609 x_refsource_REDHATvendor-advisory
RHSA-2025:4624 x_refsource_REDHATvendor-advisory
RHSA-2025:7436 x_refsource_REDHATvendor-advisory
RHSA-2025:7505 x_refsource_REDHATvendor-advisory
RHSA-2025:8292 x_refsource_REDHATvendor-advisory
RHSA-2025:9179 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
RHSA-2025:21657 x_refsource_REDHATvendor-advisory

Affected products

libsoup

<3.6.5
*

libsoup3

*

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32907

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored
2 packages
- tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"
- libsoup_3
3 months, 2 weeks ago

Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory.

References

https://access.redhat.com/security/cve/CVE-2025-32907 vdb-entryx_refsource_REDHAT
RHBZ#2359342 issue-trackingx_refsource_REDHAT
RHSA-2025:4439 x_refsource_REDHATvendor-advisory
RHSA-2025:4440 x_refsource_REDHATvendor-advisory
RHSA-2025:4508 x_refsource_REDHATvendor-advisory
RHSA-2025:7436 x_refsource_REDHATvendor-advisory
RHSA-2025:8128 x_refsource_REDHATvendor-advisory
RHSA-2025:8292 x_refsource_REDHATvendor-advisory

Affected products

libsoup

<3.6.5
*

libsoup3

*

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (2)

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32913

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.

References

https://access.redhat.com/security/cve/CVE-2025-32913 vdb-entryx_refsource_REDHAT
RHBZ#2359357 issue-trackingx_refsource_REDHAT
RHSA-2025:4439 x_refsource_REDHATvendor-advisory
RHSA-2025:4440 x_refsource_REDHATvendor-advisory
RHSA-2025:4508 x_refsource_REDHATvendor-advisory
RHSA-2025:4538 x_refsource_REDHATvendor-advisory
RHSA-2025:4560 x_refsource_REDHATvendor-advisory
RHSA-2025:4568 x_refsource_REDHATvendor-advisory
RHSA-2025:4609 x_refsource_REDHATvendor-advisory
RHSA-2025:4624 x_refsource_REDHATvendor-advisory
RHSA-2025:7436 x_refsource_REDHATvendor-advisory
RHSA-2025:8292 x_refsource_REDHATvendor-advisory
RHSA-2025:9179 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
RHSA-2025:21657 x_refsource_REDHATvendor-advisory

Affected products

libsoup

<3.6.2
*

libsoup3

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32908

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: denial of service on libsoup through http/2 server

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

References

https://access.redhat.com/security/cve/CVE-2025-32908 vdb-entryx_refsource_REDHAT
RHBZ#2359343 issue-trackingx_refsource_REDHAT
RHSA-2025:7505 x_refsource_REDHATvendor-advisory

Affected products

libsoup

<3.6.5

libsoup3

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32050

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: integer overflow in append_param_quoted

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

References

https://access.redhat.com/security/cve/CVE-2025-32050 vdb-entryx_refsource_REDHAT
RHBZ#2357067 issue-trackingx_refsource_REDHAT
RHSA-2025:4440 x_refsource_REDHATvendor-advisory
RHSA-2025:4508 x_refsource_REDHATvendor-advisory
RHSA-2025:4560 x_refsource_REDHATvendor-advisory
RHSA-2025:4568 x_refsource_REDHATvendor-advisory
RHSA-2025:7436 x_refsource_REDHATvendor-advisory
RHSA-2025:8292 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Affected products

libsoup

<3.6.1
*

libsoup3

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32051

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: segmentation fault when parsing malformed data uri

A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

References

https://access.redhat.com/security/cve/CVE-2025-32051 vdb-entryx_refsource_REDHAT
RHBZ#2357068 issue-trackingx_refsource_REDHAT

Affected products

libsoup

<3.6.1

libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32049

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: denial of service attack to websocket server

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

References

https://access.redhat.com/security/cve/CVE-2025-32049 vdb-entryx_refsource_REDHAT
RHBZ#2357066 issue-trackingx_refsource_REDHAT
RHSA-2025:8126 x_refsource_REDHATvendor-advisory
RHSA-2025:8128 x_refsource_REDHATvendor-advisory
RHSA-2025:8132 x_refsource_REDHATvendor-advisory
RHSA-2025:8139 x_refsource_REDHATvendor-advisory
RHSA-2025:8140 x_refsource_REDHATvendor-advisory
RHSA-2025:8252 x_refsource_REDHATvendor-advisory
RHSA-2025:8480 x_refsource_REDHATvendor-advisory
RHSA-2025:8481 x_refsource_REDHATvendor-advisory
RHSA-2025:8482 x_refsource_REDHATvendor-advisory
RHSA-2025:8663 x_refsource_REDHATvendor-advisory
RHSA-2025:9179 x_refsource_REDHATvendor-advisory
RHSA-2025:21657 x_refsource_REDHATvendor-advisory

Affected products

libsoup

*
=<3.6.4

libsoup3

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_2_4

pkgs.libsoup_3

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers