CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
redhatCNA
7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
gnomelibsoup
𝑥
< 3.6.5
redhatcodeready_linux_builder
10.0
redhatcodeready_linux_builder_for_arm64
10.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
10.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_ibm_z_systems
10.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
10.0_s390x:_s390x
redhatcodeready_linux_builder_for_power_little_endian
10.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
10.0_ppc64le:_ppc64le
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
redhatenterprise_linux_eus
8.8
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_eus
9.4
redhatenterprise_linux_eus
9.6
redhatenterprise_linux_eus
10.0
redhatenterprise_linux_for_arm_64
8.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
9.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
10.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.8_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.2_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.4_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.6_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
10.0_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
8.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
10.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.6_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
10.0_s390x:_s390x
redhatenterprise_linux_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
10.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.6_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
10.0_ppc64le:_ppc64le
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_aus
9.4
redhatenterprise_linux_server_aus
9.6
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.6_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.0_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.6_ppc64le:_ppc64le
redhatenterprise_linux_server_tus
8.6
redhatenterprise_linux_server_tus
8.8
redhatenterprise_linux_update_services_for_sap_solutions
8.8
redhatenterprise_linux_update_services_for_sap_solutions
9.0
redhatenterprise_linux_update_services_for_sap_solutions
9.2
redhatenterprise_linux_update_services_for_sap_solutions
9.4
redhatenterprise_linux_update_services_for_sap_solutions
9.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:7505
https://access.redhat.com/errata/RHSA-2025:8126
https://access.redhat.com/errata/RHSA-2025:8132
https://access.redhat.com/errata/RHSA-2025:8139
https://access.redhat.com/errata/RHSA-2025:8140
https://access.redhat.com/errata/RHSA-2025:8252
https://access.redhat.com/errata/RHSA-2025:8480
https://access.redhat.com/errata/RHSA-2025:8481
https://access.redhat.com/errata/RHSA-2025:8482
https://access.redhat.com/errata/RHSA-2025:8663
https://access.redhat.com/errata/RHSA-2025:9179
https://access.redhat.com/security/cve/CVE-2025-2784
https://bugzilla.redhat.com/show_bug.cgi?id=2354669
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422