CVE-2025-2784

Published: Apr 3, 2025

Modified: Nov 18, 2025

PUBLISHED

CVSS v3.1

7.0

HIGH

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Vendor	Product	Versions
Unknown	libsoup	affected `0 - < 3.6.5`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:3.6.5-3.el10_0 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:2.62.2-9.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:2.62.2-6.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.62.3-9.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.62.3-9.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:2.62.3-1.el8_2.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:2.62.3-2.el8_4.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:2.62.3-2.el8_6.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:2.62.3-2.el8_6.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:2.62.3-2.el8_6.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:2.62.3-3.el8_8.5 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.72.0-10.el9_6.2 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:2.72.0-8.el9_0.5 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:2.72.0-8.el9_2.5 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:2.72.0-8.el9_4.5 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions