CVE-2025-4945

EUVD-2025-16034

19.05.2025, 17:15

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	2.72.0-2+deb11u3 fixed
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	3.6.6-1 fixed
sid	3.6.6-1 fixed
trixie	3.6.5-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

libsoup2.4

bionic	Fixed 2.62.1-1ubuntu0.4+esm6 released
focal	Fixed 2.70.0-1ubuntu0.5+esm1 released
jammy	Fixed 2.74.2-3ubuntu0.6 released
noble	Fixed 2.74.3-6ubuntu1.6 released
oracular	ignored
plucky	Fixed 2.74.3-10ubuntu0.4 released
questing	Fixed 2.74.3-10.1ubuntu4 released
resolute	Fixed 2.74.3-10.1ubuntu4 released
xenial	Fixed 2.52.2-1ubuntu0.3+esm5 released

libsoup3

focal	dne
jammy	Fixed 3.0.7-0ubuntu1+esm5 released
noble	Fixed 3.4.4-5ubuntu0.5 released
oracular	ignored
plucky	Fixed 3.6.5-1ubuntu0.2 released
questing	Fixed 3.6.5-3 released
resolute	Fixed 3.6.5-3 released

openSUSE / SLES Releases

openSUSE Product

Release

libsoup-2_4-1

suse enterprise desktop 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise desktop 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.12.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.12.1 fixed

libsoup-3_0-0

suse enterprise desktop 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.13.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.13.1 fixed

libsoup-devel

suse enterprise desktop 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.13.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.13.1 fixed

libsoup-lang

suse enterprise desktop 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.13.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.13.1 fixed

libsoup2-devel

suse enterprise desktop 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise desktop 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.12.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.12.1 fixed

libsoup2-lang

suse enterprise desktop 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise desktop 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.12.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.12.1 fixed

typelib-1_0-Soup-2_4

suse enterprise desktop 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise desktop 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.12.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.12.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.12.1 fixed

typelib-1_0-Soup-3_0

suse enterprise desktop 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise desktop 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.13.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.13.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.13.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

libsoup

RHEL 8	0:2.62.3-10.el8_10 fixed
RHEL 8.2 AUS	0:2.62.3-1.el8_2.6 fixed
RHEL 8.4 AUS	0:2.62.3-2.el8_4.6 fixed
RHEL 8.6 AUS	0:2.62.3-2.el8_6.6 fixed
RHEL 8.6 E4S	0:2.62.3-2.el8_6.6 fixed
RHEL 8.6 TUS	0:2.62.3-2.el8_6.6 fixed
RHEL 8.8 E4S	0:2.62.3-3.el8_8.6 fixed
RHEL 9	0:2.72.0-12.el9_7.1 fixed

libsoup-devel

RHEL 8	0:2.62.3-10.el8_10 fixed
RHEL 8.2 AUS	0:2.62.3-1.el8_2.6 fixed
RHEL 8.4 AUS	0:2.62.3-2.el8_4.6 fixed
RHEL 8.6 AUS	0:2.62.3-2.el8_6.6 fixed
RHEL 8.6 E4S	0:2.62.3-2.el8_6.6 fixed
RHEL 8.6 TUS	0:2.62.3-2.el8_6.6 fixed
RHEL 8.8 E4S	0:2.62.3-3.el8_8.6 fixed
RHEL 9	0:2.72.0-12.el9_7.1 fixed

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://access.redhat.com/errata/RHSA-2025:19713

https://access.redhat.com/errata/RHSA-2025:19714

https://access.redhat.com/errata/RHSA-2025:19720

https://access.redhat.com/errata/RHSA-2025:20959

https://access.redhat.com/errata/RHSA-2025:21032

https://access.redhat.com/errata/RHSA-2025:21655

https://access.redhat.com/errata/RHSA-2025:21656

https://access.redhat.com/errata/RHSA-2025:21657

https://access.redhat.com/errata/RHSA-2025:21664

https://access.redhat.com/errata/RHSA-2025:21665

https://access.redhat.com/errata/RHSA-2025:21666

https://access.redhat.com/errata/RHSA-2025:21772

https://access.redhat.com/errata/RHSA-2025:22013

https://access.redhat.com/security/cve/CVE-2025-4945

https://bugzilla.redhat.com/show_bug.cgi?id=2367175

https://gitlab.gnome.org/GNOME/libsoup/-/issues/448