VDB

DEBIAN-CVE-2025-32907

DEBIAN-CVE-2025-32907 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Debian:12libsoup33.6.6-1, 3.2.2-2, 3.2.3-0+deb12u1
Debian:13libsoup30, 0
Debian:12libsoup2.42.74.3-5, 2.74.3-3.1~exp3, 2.74.3-3.1~exp2
Debian:14libsoup30, 0
Debian:11libsoup2.42.74.2-1, 2.74.2-3, 2.74.3-1
Debian:13libsoup2.40, 2.74.3-10.1, 2.74.3-11

Timeline

  • Apr 14, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›