CVE-2025-32052: 
Alma Linux vulnerability analysis and mitigation

A heap buffer over-read vulnerability was discovered in libsoup's sniffunknown() function (CVE-2025-32052). The vulnerability affects libsoup versions prior to 3.6.1, where libsoup clients may read out of bounds in response to a crafted HTTP response sent by an HTTP server. The vulnerability was reported on April 3, 2025 ([Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=2357069)).

The vulnerability is classified as a Buffer Over-read (CWE-126) with a CVSS v3.1 Base Score of 6.5 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U) with low impacts on confidentiality (C:L) and availability (A:L), but no impact on integrity (I:N) (NVD).

By reading out-of-bounds memory, attackers might be able to access secret values, such as memory addresses, which could potentially be used to bypass protection mechanisms. Additionally, the vulnerability could be exploited to cause applications using libsoup to crash, resulting in a denial of service (Ubuntu Security).

The vulnerability has been fixed in libsoup version 3.6.1. Various Linux distributions have released security updates to address this issue. Ubuntu has released updates for multiple versions: Ubuntu 24.10 (libsoup-2.4-1 version 2.74.3-7ubuntu0.2, libsoup-3.0-0 version 3.6.0-2ubuntu0.2), Ubuntu 24.04 (libsoup-2.4-1 version 2.74.3-6ubuntu1.2, libsoup-3.0-0 version 3.4.4-5ubuntu0.2), and other supported versions (Ubuntu Security).