CVE-2025-12105— Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-12105
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
libsoup 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libsoup是GNOME项目的一款GNOME的HTTP客户端/服务器库。 libsoup存在资源管理错误漏洞,该漏洞源于异步消息队列处理中缺少状态同步,可能导致释放后重用和拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GNOME | libsoup | 0 ~ 3.6.5 | - | |
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.6.5-3.el10_1.7 ~ * | cpe:/o:redhat:enterprise_linux:10.1 | |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:3.6.5-3.el10_0.10 ~ * | cpe:/o:redhat:enterprise_linux_eus:10.0 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2025-12105
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-12105
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: GNOME
- CVE-2020-37011
Gnome Fonts Viewer 3.34.0 Heap Corruption - CVE-2025-14512
Glib: integer overflow in glib gio attribute escaping causes - CVE-2025-14087
Glib: glib: buffer underflow in gvariant parser leads to hea - CVE-2025-7424
Libxslt: type confusion in xmlnode.psvi between stylesheet a - CVE-2025-7425
Libxslt: libxml2: heap use-after-free in libxslt caused by a
V. Comments for CVE-2025-12105
No comments yet