CVE-2025-4476

EUVD-2025-15540

16.05.2025, 18:16

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Ubuntu Releases

Ubuntu Product

Codename

libsoup3

focal	dne
jammy	Fixed 3.0.7-0ubuntu1+esm4 released
noble	Fixed 3.4.4-5ubuntu0.4 released
oracular	Fixed 3.6.0-2ubuntu0.4 released
plucky	Fixed 3.6.5-1ubuntu0.1 released
questing	not-affected
resolute	not-affected

libsoup2.4

bionic	Fixed 2.62.1-1ubuntu0.4+esm4 released
focal	Fixed 2.70.0-1ubuntu0.5 released
jammy	Fixed 2.74.2-3ubuntu0.5 released
noble	Fixed 2.74.3-6ubuntu1.5 released
oracular	Fixed 2.74.3-7ubuntu0.5 released
plucky	Fixed 2.74.3-10ubuntu0.3 released
questing	not-affected
resolute	not-affected
xenial	Fixed 2.52.2-1ubuntu0.3+esm3 released

openSUSE / SLES Releases

openSUSE Product

Release

libsoup-2_4-1

suse enterprise desktop 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise server 12 SP3	2.62.2-5.34.1 fixed
suse enterprise server 12 SP5	2.62.2-5.34.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.24.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.24.1 fixed

libsoup-2_4-1-32bit

suse enterprise server 12 SP3	2.62.2-5.34.1 fixed
suse enterprise server 12 SP5	2.62.2-5.34.1 fixed

libsoup-3_0-0

suse enterprise desktop 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.10.1 fixed

libsoup-devel

suse enterprise desktop 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise server 12 SP3	2.62.2-5.34.1 fixed
suse enterprise server 12 SP5	2.62.2-5.34.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.10.1 fixed

libsoup-lang

suse enterprise desktop 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise server 12 SP3	2.62.2-5.34.1 fixed
suse enterprise server 12 SP5	2.62.2-5.34.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.10.1 fixed

libsoup2-devel

suse enterprise desktop 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.24.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.24.1 fixed

libsoup2-lang

suse enterprise desktop 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.24.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.24.1 fixed

typelib-1_0-Soup-2_4

suse enterprise desktop 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.24.1 fixed
suse enterprise server 12 SP3	2.62.2-5.34.1 fixed
suse enterprise server 12 SP5	2.62.2-5.34.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.26.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.24.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.24.1 fixed

typelib-1_0-Soup-3_0

suse enterprise desktop 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.10.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.10.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.10.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.10.1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://access.redhat.com/security/cve/CVE-2025-4476

https://bugzilla.redhat.com/show_bug.cgi?id=2366513

https://gitlab.gnome.org/GNOME/libsoup/-/issues/440

https://gitlab.gnome.org/GNOME/libsoup/-/work_items/440