Source: libsoup3
Version: 3.6.5-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.6.5-3

Hi,

The following vulnerability was published for libsoup3.

CVE-2025-12105[0]:
| A flaw was found in the asynchronous message queue handling of the
| libsoup library, widely used by GNOME and WebKit-based applications
| to manage HTTP/2 communications. When network operations are aborted
| at specific timing intervals, an internal message queue item may be
| freed twice due to missing state synchronization. This leads to a
| use-after-free memory access, potentially crashing the affected
| application. Attackers could exploit this behavior remotely by
| triggering specific HTTP/2 read and cancel sequences, resulting in a
| denial-of-service condition.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-12105
    https://www.cve.org/CVERecord?id=CVE-2025-12105
[1] https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
[2] https://gitlab.gnome.org/GNOME/libsoup/-/commit/9ba1243a24e442fa5ec44684617a4480027da960

Please adjust the affected versions in the BTS as needed.

I have not yet filed a second bug against src:libsoup2.4 as well; I'm
not certain the issue is there, as the code has seen major refactoring
adding run_until_read_done().

Regards,
Salvatore

