Description
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. A crafted HTTP response from an HTTP server can cause libsoup clients to read one byte out of bounds.
References (16)
Core References
Exploit, Issue Tracking
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:21657
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7505
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8126
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8132
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8139
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8140
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8252
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8480
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8481
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8482
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8663
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9179
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-2784
Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2354669
Scores
CVSS v3
7.0
EPSS
0.0215
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (50)
gnome/libsoup
< 3.6.5
redhat/codeready_linux_builder
10.0
redhat/codeready_linux_builder_for_arm64
10.0_aarch64
redhat/codeready_linux_builder_for_arm64_eus
10.0_aarch64
redhat/codeready_linux_builder_for_ibm_z_systems
10.0_s390x
redhat/codeready_linux_builder_for_ibm_z_systems_eus
10.0_s390x
redhat/codeready_linux_builder_for_power_little_endian
10.0_ppc64le
redhat/codeready_linux_builder_for_power_little_endian_eus
10.0_ppc64le
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
... and 40 more
Published
Apr 03, 2025
Tracked Since
Feb 18, 2026