Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

INFO

Published Date :

2025-04-03T01:40:12.164Z

Last Modified :

2025-11-18T08:36:15.526Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-2784 vulnerability.

Vendors Products
Gnome
  • Libsoup
Redhat
  • Codeready Linux Builder
  • Codeready Linux Builder For Arm64
  • Codeready Linux Builder For Arm64 Eus
  • Codeready Linux Builder For Ibm Z Systems
  • Codeready Linux Builder For Ibm Z Systems Eus
  • Codeready Linux Builder For Power Little Endian
  • Codeready Linux Builder For Power Little Endian Eus
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
  • Enterprise Linux Server Tus
  • Enterprise Linux Update Services For Sap Solutions
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2784.

URL Resource
https://access.redhat.com/errata/RHSA-2025:21657 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7505 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8126 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8132 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8139 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8140 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8252 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8480 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8481 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8482 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8663 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9179 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-2784 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2354669 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 cve-icon cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-2784 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-2784 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact