Libsoup: global-buffer-overflow

CVE Details

Basic Information

Title Libsoup: global-buffer-overflow
Type cve
Published 2025-07-25T19:19:08.251Z
Modified 2025-07-25T19:31:59.448Z

Product Information

Vendor Red Hat
Product Red Hat Enterprise Linux 10

CVSS Information

Base Score 5.5 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Analysis

AI Description A buffer overflow vulnerability in Libsoup’s soup_header_name_to_string function could allow out-of-bounds memory access due to improper validation of the ‘name’ parameter. This could lead to a crash or potential code execution.
AI Severity Medium
AI Vendor GNOME
AI Product Libsoup

Additional Information

CWE List CWE-787
Source redhat

Description

A global buffer overflow vulnerability was found in the `soup_header_name_to_string` function in Libsoup. The function does not validate the `name` parameter passed in and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable; when `name` exceeds the index range of `soup_header_name_strings`, it causes an out-of-bounds access.
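
The missing bounds check described above, shown as an added example that is not libsoup's code or its upstream fix. The table, the enum and every `demo_*` name are constructed for illustration, and returning NULL for an out-of-range value is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of an enum-indexed global string table; the names
 * below are hypothetical and are not libsoup's identifiers or layout. */
typedef enum {
    DEMO_HEADER_ACCEPT,
    DEMO_HEADER_CONTENT_LENGTH,
    DEMO_HEADER_HOST,
    DEMO_HEADER_UNKNOWN   /* sentinel: one past the last valid index */
} demo_header_name_t;

static const char *const demo_header_name_strings[] = {
    "Accept",
    "Content-Length",
    "Host",
};

#define DEMO_N_HEADERS \
    (sizeof demo_header_name_strings / sizeof demo_header_name_strings[0])

/* Compile-time check that the table and the enum stay in step. */
_Static_assert(DEMO_N_HEADERS == (size_t)DEMO_HEADER_UNKNOWN, "table/enum mismatch");

/* Pattern described in the advisory: the index is trusted as-is, so any
 * value outside 0..DEMO_N_HEADERS-1 reads past the global array. */
const char *demo_name_to_string_unchecked(demo_header_name_t name)
{
    return demo_header_name_strings[name];
}

/* Hardened form: take the raw integer, reject anything outside the table
 * (including the sentinel and negative values) and return NULL instead. */
const char *demo_name_to_string_checked(int name)
{
    if (name < 0 || (size_t)name >= DEMO_N_HEADERS)
        return NULL;
    return demo_header_name_strings[name];
}

int main(void)
{
    int samples[] = { DEMO_HEADER_HOST, DEMO_HEADER_UNKNOWN, -1, 4096 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *s = demo_name_to_string_checked(samples[i]);
        printf("%d -> %s\n", samples[i], s ? s : "(rejected)");
    }
    return 0;
}
```

Callers of the checked form have to handle the NULL return. Building the unchecked form with AddressSanitizer is one way to surface this class of read as a global-buffer-overflow report during testing.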
