Updated: 2025-08-20 03:16:33.247696
Description:
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.4 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.4 | HIGH | Needs Triage | 2025-12-13 02:48:43 | ||
| RHEL 7 ELS | libsoup | 2.62.2 | 7.4 | HIGH | Released | CLSA-2025:1762784629 | 2025-11-10 16:23:08 | |
| RHEL 7 ELS | kernel | 3.10.0 | 7.4 | HIGH | Not Vulnerable | 2025-12-03 19:31:37 | ||
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.4 | HIGH | Not Vulnerable | 2025-09-05 19:23:30 | Not affected: CVE-2025-32914 targets the libsoup HTTP library, specifically the soup_multipart_new_f... | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.4 | HIGH | Not Vulnerable | 2025-09-05 19:23:29 | Not affected: CVE-2025-32914 targets the libsoup HTTP library, specifically the soup_multipart_new_f... | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.4 | HIGH | Not Vulnerable | 2025-09-05 19:23:30 | CVE-2025-32914 is a flaw in the libsoup user‑space HTTP library’s server‑side multipart parser... |