A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
Fixes

Solution

No solution given by the vendor.


Workaround

Currently, no mitigation is available for this vulnerability.

History

Mon, 28 Jul 2025 13:00:00 +0000

Type Values Removed Values Added
References

Wed, 21 May 2025 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Wed, 14 May 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Tue, 13 May 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Wed, 07 May 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
cpe:/o:redhat:enterprise_linux:8

Wed, 07 May 2025 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.4::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Tus
References

Tue, 06 May 2025 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos
References

Tue, 06 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
Vendors & Products Redhat rhel Aus
References

Mon, 05 May 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.4

Mon, 05 May 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Mon, 05 May 2025 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Fri, 25 Apr 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 24 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 24 Apr 2025 13:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
Title Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-401
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T18:28:09.013Z

Reserved: 2025-04-24T01:37:42.412Z

Link: CVE-2025-46420

cve-icon Vulnrichment

Updated: 2025-04-24T13:15:13.333Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-04-24T13:15:45.553

Modified: 2025-07-28T13:15:29.870

Link: CVE-2025-46420

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-04-24T00:00:00Z

Links: CVE-2025-46420 - Bugzilla

cve-icon OpenCVE Enrichment

No data.