Updated: 2025-08-20 03:16:09.222437
Description:
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libsoup | 2.72.0 | 5.3 | MEDIUM | Released | CLSA-2025:1751133871 | 2025-06-29 07:22:38 | |
| CentOS 7 ELS | libsoup | 2.62.2 | 5.3 | MEDIUM | Released | CLSA-2025:1753131065 | 2025-08-05 02:13:02 | |
| Oracle Linux 7 ELS | libsoup | 2.62.2 | 5.3 | MEDIUM | Released | CLSA-2025:1753120992 | 2025-07-22 00:48:48 | |
| RHEL 7 ELS | libsoup | 2.62.2 | 5.3 | MEDIUM | Released | CLSA-2025:1753124055 | 2025-07-22 00:48:50 | |