libsoup WebSocket Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in libsoup's WebSocket implementation. The issue arises because the SoupWebsocketConnection component does not properly limit the size of WebSocket messages, allowing a malicious peer to send large messages that can cause excessive memory allocation. This flaw can lead to a denial-of-service condition by exhausting system resources.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition on the WebSocket server, leading to increased memory usage and potential application crashes.

Reproduction

To reproduce this vulnerability, send large WebSocket messages composed of multiple smaller packets to a server using libsoup. The server will accept the messages and allocate memory for them, which can exhaust system resources and cause a denial-of-service condition.

Remediation

Users can apply the available update for libsoup. Instructions for applying this update can be found in the Red Hat Product Errata RHSA-2025:8126, RHSA-2025:8128, RHSA-2025:8132, RHSA-2025:8139, RHSA-2025:8140, and RHSA-2025:8252.