rpm package
suse/libsoup&distro=SUSE Manager Server LTS 4.3
pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Server%20LTS%204.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-12105 | Hig | 7.5 | < 3.0.4-150400.3.21.1 | 3.0.4-150400.3.21.1 | Oct 23, 2025 | A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed tw | |
| CVE-2025-11021 | Hig | 7.5 | < 3.0.4-150400.3.18.1 | 3.0.4-150400.3.18.1 | Sep 26, 2025 | A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw coul | |
| CVE-2025-32911 | Cri | 9.0 | < 3.0.4-150400.3.21.1 | 3.0.4-150400.3.21.1 | Apr 15, 2025 | A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. |
- affected < 3.0.4-150400.3.21.1fixed 3.0.4-150400.3.21.1
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed tw
- affected < 3.0.4-150400.3.18.1fixed 3.0.4-150400.3.18.1
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw coul
- affected < 3.0.4-150400.3.21.1fixed 3.0.4-150400.3.21.1
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.