CVE-2025-7370
Vulnerability
CVE-2025-7370
libsoup: libsoup null pointer dereference
ecosystem: redhat:6A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-7370
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2378888
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-7370
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-7370
severityI
Important
type: vendor
source: secalert@redhat.com
CVSS3.1
7.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| AV | Network | |
|---|---|---|
| AC | Low | |
| PR | None | |
| UI | None | |
| S | Not Changed | |
| C | None | |
| I | None | |
| A | High |
source: secalert@redhat.com
CWE
CWE-476NULL Pointer Dereference
source: secalert@redhat.com
published: 2025-07-08 00:00:00
modified: 2025-07-10 14:11:29
Detection
OR
unfixed
libsoup
package type: source
type: version
tag: rhel-6-els:3ece8bdc-fe8d-81fc-8d6c-6a5761058b20
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex
