rpm package

suse/libsoup&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Vulnerabilities (34)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-32914	Hig	7.4	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-32912	Med	6.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.
CVE-2025-32910	Med	6.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
CVE-2025-32909	Med	5.3	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
CVE-2025-32913	Hig	7.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
CVE-2025-32908	Hig	7.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).
CVE-2025-32907	Med	5.3	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does n
CVE-2025-32906	Hig	7.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 14, 2025	A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
CVE-2025-32053	Med	6.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 3, 2025	A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
CVE-2025-32052	Med	6.5	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 3, 2025	A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32051	Med	5.9	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 3, 2025	A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
CVE-2025-32050	Med	5.9	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 3, 2025	A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2025-32049	Hig	7.5	< 3.4.4-150600.3.34.1	3.4.4-150600.3.34.1	Apr 3, 2025	A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-2784		—	< 3.4.4-150600.3.7.1	3.4.4-150600.3.7.1	Apr 3, 2025	A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVE-2025-32914HigApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-32912MedApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.
CVE-2025-32910MedApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
CVE-2025-32909MedApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
CVE-2025-32913HigApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
CVE-2025-32908HigApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).
CVE-2025-32907MedApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does n
CVE-2025-32906HigApr 14, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
CVE-2025-32053MedApr 3, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
CVE-2025-32052MedApr 3, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32051MedApr 3, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
CVE-2025-32050MedApr 3, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2025-32049HigApr 3, 2025
affected < 3.4.4-150600.3.34.1fixed 3.4.4-150600.3.34.1
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-2784Apr 3, 2025
affected < 3.4.4-150600.3.7.1fixed 3.4.4-150600.3.7.1
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Page 2 of 2