REDHAT-BUG-2361963
First published: Thu Apr 24 2025(Updated: )
libsoup prior to version 3.6.3 is vulnerable to a memory leak in the soup_header_parse_quality_list() function when parsing a quality list if any element contains all zeroes, i.e. q=0.0 , q=0.00 , q=0.000, and so forth.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libsoup | <3.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2361963?
The severity of REDHAT-BUG-2361963 is classified as moderate due to the memory leak vulnerability.
How do I fix REDHAT-BUG-2361963?
To fix REDHAT-BUG-2361963, upgrade libsoup to version 3.6.3 or later.
Which versions of libsoup are affected by REDHAT-BUG-2361963?
Libsoup versions prior to 3.6.3 are affected by REDHAT-BUG-2361963.
What causes the memory leak in REDHAT-BUG-2361963?
The memory leak in REDHAT-BUG-2361963 is caused by the soup_header_parse_quality_list() function when parsing a quality list with elements containing all zeroes.
Is there a workaround for REDHAT-BUG-2361963?
Currently, there is no documented workaround for REDHAT-BUG-2361963 other than upgrading to the fixed version.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-46420
- agent/last-modified-date
- agent/references
- agent/source
- agent/description
- agent/first-publish-date
- agent/severity
- agent/type
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/gnome
- canonical/libsoup