CVE-2025-2784

EUVD-2025-9569
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
gnomelibsoup
𝑥
< 3.6.5
redhatcodeready_linux_builder
10.0
redhatcodeready_linux_builder_for_arm64
10.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
10.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_ibm_z_systems
10.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
10.0_s390x:_s390x
redhatcodeready_linux_builder_for_power_little_endian
10.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
10.0_ppc64le:_ppc64le
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
redhatenterprise_linux_eus
8.8
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_eus
9.4
redhatenterprise_linux_eus
9.6
redhatenterprise_linux_eus
10.0
redhatenterprise_linux_for_arm_64
8.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
9.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
10.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.8_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.2_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.4_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.6_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
10.0_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
8.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
10.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.6_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
10.0_s390x:_s390x
redhatenterprise_linux_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
10.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.6_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
10.0_ppc64le:_ppc64le
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_aus
9.4
redhatenterprise_linux_server_aus
9.6
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.6_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.0_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.6_ppc64le:_ppc64le
redhatenterprise_linux_server_tus
8.6
redhatenterprise_linux_server_tus
8.8
redhatenterprise_linux_update_services_for_sap_solutions
8.8
redhatenterprise_linux_update_services_for_sap_solutions
9.0
redhatenterprise_linux_update_services_for_sap_solutions
9.2
redhatenterprise_linux_update_services_for_sap_solutions
9.4
redhatenterprise_linux_update_services_for_sap_solutions
9.6
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsoup-2_4-1
suse enterprise desktop 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise server 12 SP3
2.62.2-5.12.1
fixed
suse enterprise server 12 SP5
2.62.2-5.12.1
fixed
suse enterprise server 15 SP2
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP3
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.6.1
fixed
libsoup-2_4-1-32bit
suse enterprise server 12 SP3
2.62.2-5.12.1
fixed
suse enterprise server 12 SP5
2.62.2-5.12.1
fixed
libsoup-3_0-0
suse enterprise desktop 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.7.1
fixed
libsoup-devel
suse enterprise desktop 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise server 12 SP3
2.62.2-5.12.1
fixed
suse enterprise server 12 SP5
2.62.2-5.12.1
fixed
suse enterprise server 15 SP2
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP3
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.7.1
fixed
libsoup-lang
suse enterprise desktop 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise server 12 SP3
2.62.2-5.12.1
fixed
suse enterprise server 12 SP5
2.62.2-5.12.1
fixed
suse enterprise server 15 SP2
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP3
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.7.1
fixed
libsoup2-devel
suse enterprise desktop 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.6.1
fixed
libsoup2-lang
suse enterprise desktop 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.6.1
fixed
typelib-1_0-Soup-2_4
suse enterprise desktop 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise desktop 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise sap 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.6.1
fixed
suse enterprise server 12 SP3
2.62.2-5.12.1
fixed
suse enterprise server 12 SP5
2.62.2-5.12.1
fixed
suse enterprise server 15 SP2
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP3
2.68.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.6.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.6.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.6.1
fixed
typelib-1_0-Soup-3_0
suse enterprise desktop 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise desktop 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise sap 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.7.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.7.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.7.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.7.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libsoup
RHEL 8
0:2.62.3-9.el8_10
fixed
RHEL 8.2 AUS
0:2.62.3-1.el8_2.5
fixed
RHEL 8.4 AUS
0:2.62.3-2.el8_4.5
fixed
RHEL 8.6 AUS
0:2.62.3-2.el8_6.5
fixed
RHEL 8.6 E4S
0:2.62.3-2.el8_6.5
fixed
RHEL 8.6 TUS
0:2.62.3-2.el8_6.5
fixed
RHEL 8.8 AUS
0:2.62.3-3.el8_8.5
fixed
RHEL 8.8 E4S
0:2.62.3-3.el8_8.5
fixed
RHEL 8.8 EUS
0:2.62.3-3.el8_8.5
fixed
RHEL 8.8 TUS
0:2.62.3-3.el8_8.5
fixed
RHEL 9
0:2.72.0-10.el9_6.2
fixed
libsoup-devel
RHEL 8
0:2.62.3-9.el8_10
fixed
RHEL 8.2 AUS
0:2.62.3-1.el8_2.5
fixed
RHEL 8.4 AUS
0:2.62.3-2.el8_4.5
fixed
RHEL 8.6 AUS
0:2.62.3-2.el8_6.5
fixed
RHEL 8.6 E4S
0:2.62.3-2.el8_6.5
fixed
RHEL 8.6 TUS
0:2.62.3-2.el8_6.5
fixed
RHEL 8.8 AUS
0:2.62.3-3.el8_8.5
fixed
RHEL 8.8 E4S
0:2.62.3-3.el8_8.5
fixed
RHEL 8.8 EUS
0:2.62.3-3.el8_8.5
fixed
RHEL 8.8 TUS
0:2.62.3-3.el8_8.5
fixed
RHEL 9
0:2.72.0-10.el9_6.2
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:21657
https://access.redhat.com/errata/RHSA-2025:7505
https://access.redhat.com/errata/RHSA-2025:8126
https://access.redhat.com/errata/RHSA-2025:8132
https://access.redhat.com/errata/RHSA-2025:8139
https://access.redhat.com/errata/RHSA-2025:8140
https://access.redhat.com/errata/RHSA-2025:8252
https://access.redhat.com/errata/RHSA-2025:8480
https://access.redhat.com/errata/RHSA-2025:8481
https://access.redhat.com/errata/RHSA-2025:8482
https://access.redhat.com/errata/RHSA-2025:8663
https://access.redhat.com/errata/RHSA-2025:9179
https://access.redhat.com/security/cve/CVE-2025-2784
https://bugzilla.redhat.com/show_bug.cgi?id=2354669
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422