Suggestions search

Dismissed

Filter by:

With package: libsoup_2_4

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2025-7370

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 6 months, 3 weeks ago
@LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 2 months ago
@LeSuisse dismissed 2 months ago

Libsoup: libsoup null pointer dereference

A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.

References

https://access.redhat.com/security/cve/CVE-2025-7370 x_refsource_REDHATvdb-entry
RHBZ#2378888 issue-trackingx_refsource_REDHAT

Affected products

libsoup

libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>

CVE has been rejected https://gitlab.gnome.org/GNOME/libsoup/-/issues/430#note_2494090

Permalink CVE-2025-8197

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 6 months, 3 weeks ago
@LeSuisse removed package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 2 months ago
@LeSuisse dismissed 2 months ago

Libsoup: global-buffer-overflow

A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable, when `name` exceeds the index range of `soup_headr_name_string`, it will cause an out-of-bounds access.

References

https://access.redhat.com/security/cve/CVE-2025-8197 x_refsource_REDHATvdb-entry
RHBZ#2383525 issue-trackingx_refsource_REDHAT

Affected products

libsoup

libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable -
- nixpkgs-unstable 2.74.3

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@bobby285271 Bobby Rong <rjl931189261@126.com>

CVE has been rejected

https://gitlab.gnome.org/GNOME/libsoup/-/issues/465#note_2549883