Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-11021. PoCs published by ValentinTorassa.
AI-analyzed exploit summary This repository contains detailed patch files and technical analysis for multiple CVEs, including CVE-2025-11021, which involves an out-of-bounds read in libsoup3's cookie date parsing due to integer overflow in parse_timezone(). The patches include input validation and bounds checks to prevent memory corruption.
Description
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
Exploits (1)
This repository contains detailed patch files and technical analysis for multiple CVEs, including CVE-2025-11021, which involves an out-of-bounds read in libsoup3's cookie date parsing due to integer overflow in parse_timezone(). The patches include input validation and bounds checks to prevent memory corruption.
References (16)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N