A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CAPEC ID | Description |
|---|
Currently, no mitigation is available for this vulnerability.
| Event | Date |
|---|---|
| Reported to Red Hat. | 2025-04-14 01:21:00 |
| Made public. | 2025-04-14 00:00:00 |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html | N/A |