{ "threat_severity" : "Low", "public_date" : "2025-05-08T00:00:00Z", "bugzilla" : { "description" : "libsoup: Null pointer dereference in libsoup may lead to Denial Of Service", "id" : "2366513", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2366513" }, "cvss3" : { "cvss3_base_score" : "4.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status" : "draft" }, "cwe" : "CWE-476", "details" : [ "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.", "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server." ], "statement" : "The Red Hat Product Security team has assessed the severity of this vulnerability as Low. This determination is based on two key factors: successful exploitation necessitates a user being deceived into connecting to a malicious and untrusted HTTP server. Furthermore, the impact of a successful attack is limited to crashing only the specific client instance actively communicating with that malicious service, preventing any widespread system-level repercussions by default.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "libsoup3", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "libsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "libsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "libsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "libsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-4476\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4476" ], "name" : "CVE-2025-4476", "mitigation" : { "value" : "To mitigate the risk posed by this libsoup vulnerability, Red Hat strongly advises against connecting client applications relying on the libsoup library to untrusted HTTP servers until systems can be updated to a version of libsoup that includes the fix for this specific flaw. This precaution will help prevent potential denial-of-service scenarios within user sessions.", "lang" : "en:us" }, "csaw" : false }