Source: libsoup3
Version: 3.6.5-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libsoup3.

CVE-2025-32907[0]:
| A flaw was found in libsoup. The implementation of HTTP range
| requests is vulnerable to a resource consumption attack. This flaw
| allows a malicious client to request the same range many times in a
| single HTTP request, causing the server to use large amounts of
| memory.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-32907
    https://www.cve.org/CVERecord?id=CVE-2025-32907
[1] https://gitlab.gnome.org/GNOME/libsoup/-/issues/428

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to