libsoup NULL Pointer Dereference Vulnerability in Digest Authentication Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in libsoup, specifically in the 'soup_auth_digest_authenticate()' function. This issue arises when an HTTP server omits the 'realm' parameter in an Unauthorized response using Digest authentication, leading to a crash of the libsoup client. The vulnerability affects libsoup versions prior to 3.6.3.
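The class of check involved can be shown with a small stand-alone validator. This is an added example, not libsoup's code and not the upstream fix: it parses a Digest challenge and rejects it when 'realm' is absent, so no later code receives a NULL realm. The names `check_digest_challenge` and `auth_param` and the sample header are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum digest_check { DIGEST_OK, DIGEST_NOT_DIGEST, DIGEST_NO_REALM };
/* Copy the value of auth-param `name` into out; 1 if present, 0 if absent or
 * too long. Simplified: backslash escapes in quoted strings are not handled. */
static int auth_param(const char *p, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == ',') p++;
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        size_t klen = (size_t)(p - key);
        if (*p != '=') continue;               /* bare token, no value */
        const char *val = ++p;
        int quoted = (*p == '"');
        if (quoted) val = ++p;
        while (*p && *p != (quoted ? '"' : ',')) p++;
        size_t vlen = (size_t)(p - val);
        if (quoted && *p == '"') p++;          /* step past closing quote */
        if (klen == nlen && strncasecmp(key, name, nlen) == 0) {
            if (vlen >= outlen) return 0;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Validate a WWW-Authenticate value before any code uses the realm. */
enum digest_check check_digest_challenge(const char *hdr, char *realm, size_t len)
{
    if (!hdr || strncasecmp(hdr, "Digest", 6) != 0 || (hdr[6] && hdr[6] != ' '))
        return DIGEST_NOT_DIGEST;
    if (!auth_param(hdr + 6, "realm", realm, len))
        return DIGEST_NO_REALM;                /* fail the auth attempt here */
    return DIGEST_OK;
}

int main(void)
{
    char realm[64];  /* the challenge below is constructed and has no realm */
    printf("%d\n", check_digest_challenge("Digest nonce=\"abc\", qop=\"auth\"",
                                          realm, sizeof realm));
    return 0;
}
```

A caller treats anything other than `DIGEST_OK` as a failed authentication attempt and does not go on to build a response from the challenge.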

Impact

Exploitation of this vulnerability causes a crash of the libsoup client, due to a NULL pointer dereference.

Remediation

Users can upgrade to Red Hat Enterprise Linux 8, where this vulnerability has been addressed. For details on how to apply this update, refer to the Red Hat Enterprise Linux 8 Security Advisory RHSA-2025:8292.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.