Updated: 2025-05-06 18:53:48.236754
Description:
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | HIGH | 9 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libsoup | 2.72.0 | 9.0 | HIGH | Released | CLSA-2025:1750784473 | 2025-06-25 02:58:29 | |
| CentOS 7 ELS | libsoup | 2.62.2 | 9.0 | HIGH | In Rollout | CLSA-2025:1752126372 | 2025-07-11 01:40:54 | |
| Oracle Linux 7 ELS | libsoup | 2.62.2 | 9.0 | HIGH | Released | CLSA-2025:1752088985 | 2025-07-10 01:48:42 | |
| RHEL 7 ELS | libsoup | 2.62.2 | 9.0 | HIGH | Released | CLSA-2025:1752089185 | 2025-07-10 01:48:21 |