Bug 2367175 (CVE-2025-4945) - CVE-2025-4945 libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup
Summary: CVE-2025-4945 libsoup: Integer Overflow in Cookie Expiration Date Handling in...
Keywords:
Status: NEW
Alias: CVE-2025-4945
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2367176 2367177 2367178
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-19 04:52 UTC by OSIDB Bzimport
Modified: 2025-11-25 05:09 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:20015 0 None None None 2025-11-10 11:55:54 UTC
Red Hat Product Errata RHSA-2025:19713 0 None None None 2025-11-04 16:46:36 UTC
Red Hat Product Errata RHSA-2025:19714 0 None None None 2025-11-04 15:24:04 UTC
Red Hat Product Errata RHSA-2025:19720 0 None None None 2025-11-04 17:52:20 UTC
Red Hat Product Errata RHSA-2025:20959 0 None None None 2025-11-11 15:00:26 UTC
Red Hat Product Errata RHSA-2025:21032 0 None None None 2025-11-11 19:48:11 UTC
Red Hat Product Errata RHSA-2025:21655 0 None None None 2025-11-18 05:42:49 UTC
Red Hat Product Errata RHSA-2025:21656 0 None None None 2025-11-18 05:50:09 UTC
Red Hat Product Errata RHSA-2025:21657 0 None None None 2025-11-18 05:58:55 UTC
Red Hat Product Errata RHSA-2025:21664 0 None None None 2025-11-18 08:49:00 UTC
Red Hat Product Errata RHSA-2025:21665 0 None None None 2025-11-18 09:01:32 UTC
Red Hat Product Errata RHSA-2025:21666 0 None None None 2025-11-18 09:04:53 UTC
Red Hat Product Errata RHSA-2025:21772 0 None None None 2025-11-19 17:33:11 UTC
Red Hat Product Errata RHSA-2025:22013 0 None None None 2025-11-25 05:09:42 UTC

Description OSIDB Bzimport 2025-05-19 04:52:50 UTC 
Integer Overflow or Wraparound vulnerability in the cookie parsing logic of the libsoup HTTP client/server library. This issue potentially allows improper handling of cookie expiration dates due to an integer overflow when processing excessively large values. The vulnerability arises from insufficient validation in the conversion logic of cookie expiration timestamps, which can result in undefined behavior. This may enable an attacker to craft malicious cookies that never expire or behave unpredictably, impacting session management and security policies in applications relying on libsoup
Comment 1 errata-xmlrpc 2025-11-04 15:24:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:19714 https://access.redhat.com/errata/RHSA-2025:19714
Comment 2 errata-xmlrpc 2025-11-04 16:46:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:19713 https://access.redhat.com/errata/RHSA-2025:19713
Comment 3 errata-xmlrpc 2025-11-04 17:52:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19720 https://access.redhat.com/errata/RHSA-2025:19720
Comment 4 errata-xmlrpc 2025-11-11 15:00:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:20959 https://access.redhat.com/errata/RHSA-2025:20959
Comment 5 errata-xmlrpc 2025-11-11 19:48:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21032 https://access.redhat.com/errata/RHSA-2025:21032
Comment 6 errata-xmlrpc 2025-11-18 05:42:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21655 https://access.redhat.com/errata/RHSA-2025:21655
Comment 7 errata-xmlrpc 2025-11-18 05:50:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21656 https://access.redhat.com/errata/RHSA-2025:21656
Comment 8 errata-xmlrpc 2025-11-18 05:58:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:21657 https://access.redhat.com/errata/RHSA-2025:21657
Comment 9 errata-xmlrpc 2025-11-18 08:48:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:21664 https://access.redhat.com/errata/RHSA-2025:21664
Comment 10 errata-xmlrpc 2025-11-18 09:01:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Via RHSA-2025:21665 https://access.redhat.com/errata/RHSA-2025:21665
Comment 11 errata-xmlrpc 2025-11-18 09:04:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:21666 https://access.redhat.com/errata/RHSA-2025:21666
Comment 12 errata-xmlrpc 2025-11-19 17:33:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:21772 https://access.redhat.com/errata/RHSA-2025:21772
Comment 13 errata-xmlrpc 2025-11-25 05:09:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:22013 https://access.redhat.com/errata/RHSA-2025:22013
Note You need to log in before you can comment on or make changes to this bug.