vulnerability

SUSE: CVE-2025-4476: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:N/A:C)	May 16, 2025	Jun 5, 2025	Jun 6, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

May 16, 2025

Added

Jun 5, 2025

Modified

Jun 6, 2025

Description

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

Solution(s)

suse-upgrade-libsoup-3_0-0suse-upgrade-libsoup-3_0-0-32bitsuse-upgrade-libsoup-develsuse-upgrade-libsoup-devel-32bitsuse-upgrade-libsoup-langsuse-upgrade-typelib-1_0-soup-3_0

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today