Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: libsoup_2_4

Found 43 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2025-2784

7.0 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): High (H)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

References

https://access.redhat.com/security/cve/CVE-2025-2784 vdb-entryx_refsource_REDHAT
RHBZ#2354669 issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 exploit
RHSA-2025:7505 x_refsource_REDHATvendor-advisory
RHSA-2025:8126 x_refsource_REDHATvendor-advisory
RHSA-2025:8132 x_refsource_REDHATvendor-advisory
RHSA-2025:8139 x_refsource_REDHATvendor-advisory
RHSA-2025:8140 x_refsource_REDHATvendor-advisory
RHSA-2025:8252 x_refsource_REDHATvendor-advisory
RHSA-2025:8480 x_refsource_REDHATvendor-advisory
RHSA-2025:8481 x_refsource_REDHATvendor-advisory
RHSA-2025:8482 x_refsource_REDHATvendor-advisory
RHSA-2025:8663 x_refsource_REDHATvendor-advisory
RHSA-2025:9179 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
RHSA-2025:21657 x_refsource_REDHATvendor-advisory

Affected products

libsoup

<3.6.5
*

libsoup3

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32052

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: heap buffer overflow in sniff_unknown()

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

References

https://access.redhat.com/security/cve/CVE-2025-32052 vdb-entryx_refsource_REDHAT
RHBZ#2357069 issue-trackingx_refsource_REDHAT
RHSA-2025:4440 x_refsource_REDHATvendor-advisory
RHSA-2025:4508 x_refsource_REDHATvendor-advisory
RHSA-2025:4560 x_refsource_REDHATvendor-advisory
RHSA-2025:4568 x_refsource_REDHATvendor-advisory
RHSA-2025:7436 x_refsource_REDHATvendor-advisory
RHSA-2025:8292 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Affected products

libsoup

<3.6.1
*

libsoup3

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Untriaged

Permalink CVE-2025-32053

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 8 months ago
@LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago

Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

References

https://access.redhat.com/security/cve/CVE-2025-32053 vdb-entryx_refsource_REDHAT
RHBZ#2357070 issue-trackingx_refsource_REDHAT
RHSA-2025:4440 x_refsource_REDHATvendor-advisory
RHSA-2025:4508 x_refsource_REDHATvendor-advisory
RHSA-2025:4560 x_refsource_REDHATvendor-advisory
RHSA-2025:4568 x_refsource_REDHATvendor-advisory
RHSA-2025:7436 x_refsource_REDHATvendor-advisory
RHSA-2025:8292 x_refsource_REDHATvendor-advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Affected products

libsoup

<3.6.1
*

libsoup3

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Ignored packages (1)

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

1
2
3
4
5