2405992 – (CVE-2025-12105) CVE-2025-12105 libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

Bug 2405992 (CVE-2025-12105) - CVE-2025-12105 libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

Summary: CVE-2025-12105 libsoup: Heap Use-After-Free in libsoup message queue handling...

Keywords:
Status:	NEW
Alias:	CVE-2025-12105
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2405993 2405994 2405995 2405996 2405997 2405998
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-23 08:33 UTC by OSIDB Bzimport
Modified:	2025-10-23 09:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-23 08:33:50 UTC

A Heap Use-After-Free vulnerability was found in the queue item management logic of the libsoup HTTP client library. The flaw occurs when a queued message is “finished” twice under specific timing conditions during asynchronous read operations. When the run_until_read_done() function attempts to finalize an already-finished item, memory previously freed is accessed again, resulting in undefined behavior or a crash. This condition can be triggered remotely via crafted HTTP/2 request sequences or abrupt connection terminations. Exploitation does not require authentication or user interaction, and can lead to application crashes or denial of service in software using libsoup for network communications.

Note You need to log in before you can comment on or make changes to this bug.