SB2025052715 - Multiple vulnerabilities in libsoup

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-32906)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in soup_headers_parse_request() function. A remote attacker can trick the victim into visiting a specially crafted website, trigger an out-of-bounds read error and read contents of memory on the system.

2) Buffer Over-read (CVE-ID: CVE-2025-2784)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error within the skip_insignificant_whitespace() function when reading server HTTP response. A remote attacker can trick the victim into visiting a specially crafted website and read 1 byte out of bounds.

3) NULL pointer dereference (CVE-ID: CVE-2025-32912)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in SoupAuthDigest. A remote attacker can trick the victim into visiting a specially crafted website and crash the application.

4) Information disclosure (CVE-ID: CVE-2025-46421)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to libsoup includes authorization headers into requests when handling HTTP redirects. A remote attacker can gain access to credentials intended for a different website.

Remediation

Install update from vendor's website.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=2359341
• https://bugzilla.redhat.com/show_bug.cgi?id=2354669
• https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
• https://bugzilla.redhat.com/show_bug.cgi?id=2359356
• https://bugzilla.redhat.com/show_bug.cgi?id=2361962