CVE-2025-4945
Libsoup: integer overflow in cookie expiration date handling in libsoup
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
libsoupRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Extended Update SupportQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2025:19713https://access.redhat.com/errata/RHSA-2025:19714https://access.redhat.com/errata/RHSA-2025:19720https://access.redhat.com/errata/RHSA-2025:20959https://access.redhat.com/errata/RHSA-2025:21032https://access.redhat.com/errata/RHSA-2025:21655https://access.redhat.com/errata/RHSA-2025:21656https://access.redhat.com/errata/RHSA-2025:21657https://access.redhat.com/errata/RHSA-2025:21664https://access.redhat.com/errata/RHSA-2025:21665https://access.redhat.com/errata/RHSA-2025:21666https://access.redhat.com/errata/RHSA-2025:21772