libsoup
cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*
libsoup versions prior to 3.6.1 contain an integer overflow in the append_param_quoted() function that results in a buffer under-read. It can be triggered by sending an excessively large HTTP request to a libsoup server.
Exploitation of this vulnerability causes a buffer under-read, which can lead to memory corruption or unauthorized memory access.
This vulnerability has been fixed in libsoup version 3.6.1. Users can apply the update by following the instructions available in the Red Hat Product Errata RHSA-2025:4440, RHSA-2025:4508, RHSA-2025:4560, RHSA-2025:4568, and RHSA-2025:8292.