2378888 – libsoup: libsoup null pointer dereference

Bug 2378888 - libsoup: libsoup null pointer dereference [NEEDINFO]

Summary: libsoup: libsoup null pointer dereference

Keywords:
Status:	NEW
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability-draft
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2378889 2378890 2378891
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-08 21:15 UTC by OSIDB Bzimport
Modified:	2025-07-30 06:01 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:
Flags:	carnil: needinfo? (prodsec-dev)

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-08 21:15:23 UTC

A flaw was found in libsoup. A null pointer dereference vulnerability has been identifier in libsoup's cookie parsing functionality. When processing a cookie with no Domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in denial of service.

Comment 2 Salvatore Bonaccorso 2025-07-10 06:24:08 UTC

According to https://gitlab.gnome.org/GNOME/libsoup/-/issues/430#note_2494098 this CVE has been retracted, can you please reject the CVE and remove the CVE alias here in the bugzilla?

Note You need to log in before you can comment on or make changes to this bug.