Libsoup: libsoup null pointer dereference

July 10, 2025 invoker category_cve

CVE Details

Basic Information

Title	Libsoup: libsoup null pointer dereference
Type	cve
Published	2025-07-10T14:11:29.409Z
Modified	2025-07-10T14:11:29.409Z

Product Information

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10

CVSS Information

Base Score	7.5 (HIGH)
Attack Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Analysis

AI Description	A NULL pointer dereference vulnerability in libsoup’s cookie parsing functionality can cause a denial of service when processing a cookie without a domain parameter.
AI Severity	High
AI Vendor	GNOME Foundation
AI Product	libsoup

Additional Information

CWE List	CWE-476
Source	redhat

Description

A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup’s cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.

References

https://access.redhat.com/security/cve/CVE-2025-7370
https://bugzilla.redhat.com/show_bug.cgi?id=2378888

View Full CVE Details