CVE-2025-2784

Updated: 2026-02-27 02:27:24.735673

Description:

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU libsoup 2.72.0 6.5 MEDIUM Released CLSA-2025:1749569869 2025-06-11 00:54:46
AlmaLinux 9.2 ESU kernel 5.14.0 6.5 MEDIUM Ignored 2025-06-10 00:24:22
CentOS 7 ELS kernel 3.10.0 6.5 MEDIUM Ignored 2025-12-03 10:07:06 This flaw only triggers when an application using libsoup acts as an HTTP client and processes a cra...
CentOS 7 ELS libsoup 2.62.2 6.5 MEDIUM Released CLSA-2025:1753131065 2025-08-05 02:13:59 This flaw only triggers when an application using libsoup acts as an HTTP client and processes a cra...
CentOS 8.4 ELS kernel 4.18.0 6.5 MEDIUM Not Vulnerable 2025-10-24 02:29:03 CVE-2025-2784 affects the libsoup user‑space HTTP client library, not the Linux kernel. Exploitati...
CentOS 8.5 ELS kernel 4.18.0 6.5 MEDIUM Not Vulnerable 2025-10-24 02:29:03 CVE-2025-2784 affects the libsoup user‑space HTTP client library, not the Linux kernel. Exploitati...
CentOS Stream 8 ELS kernel 4.18.0 6.5 MEDIUM Not Vulnerable 2025-10-24 02:29:02 CVE-2025-2784 affects the libsoup user‑space HTTP client library, not the Linux kernel. Exploitati...
CloudLinux 7 ELS kernel 3.10.0 6.5 MEDIUM Ignored 2025-12-18 20:31:13
Oracle Linux 7 ELS kernel 3.10.0 6.5 MEDIUM Ignored 2025-12-18 20:31:14 Deprioritize: this issue is a single‑byte heap over‑read in libsoup’s content sniffer that onl...
Oracle Linux 7 ELS libsoup 2.62.2 6.5 MEDIUM Released CLSA-2025:1753120992 2025-07-22 00:49:48 Deprioritize: this issue is a single‑byte heap over‑read in libsoup’s content sniffer that onl...
Total: 18