Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-32052

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

created 1 year ago

Libsoup: heap buffer overflow in sniff_unknown()

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

References

https://access.redhat.com/security/cve/CVE-2025-32052 vdb-entryx_refsource_REDHAT
RHBZ#2357069 issue-trackingx_refsource_REDHAT
RHSA-2025:4440 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4508 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4560 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4568 vendor-advisoryx_refsource_REDHAT
RHSA-2025:7436 vendor-advisoryx_refsource_REDHAT
RHSA-2025:8292 vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Affected products

libsoup

*
<3.6.1

libsoup3

mingw-freetype

*

spice-client-win

*

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable 3.6.0
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable 2.74.3
- nixpkgs-unstable 2.74.3
- nixos-unstable-small 2.74.3

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable 2.4
- nixpkgs-unstable 2.4
- nixos-unstable-small 2.4

Package maintainers

@lovek323 Jason O'Conal <jason@oconal.id.au>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>