UBUNTU-CVE-2025-4945
- Source
- https://ubuntu.com/security/CVE-2025-4945
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-4945.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-4945
- Upstream
- Downstream
- Related
- Published
- 2025-05-19T17:15:00Z
- Modified
- 2025-07-17T17:17:39Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.52.2-1ubuntu0.3+esm5?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.52.2-1ubuntu0.3+esm5
Affected versions
2.*
2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "gir1.2-soup-2.4-dbgsym",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup-gnome2.4-1-dbgsym",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup-gnome2.4-dev",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup-gnome2.4-dev-dbgsym",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-1-dbgsym",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-dbg",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-dev",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-dev-dbgsym",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-doc",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
}
]
}
Ubuntu:Pro:18.04:LTS / libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.62.1-1ubuntu0.4+esm6?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.62.1-1ubuntu0.4+esm6
Affected versions
2.*
2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup-gnome2.4-1-dbgsym",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup-gnome2.4-dev",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup2.4-1-dbgsym",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup2.4-dev",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup2.4-doc",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
}
]
}
Ubuntu:Pro:20.04:LTS / libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.70.0-1ubuntu0.5+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.70.0-1ubuntu0.5+esm1
Affected versions
2.*
2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup-gnome2.4-1-dbgsym",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup-gnome2.4-dev",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-1-dbgsym",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-dev",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-doc",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-tests-dbgsym",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
}
]
}
Ubuntu:22.04:LTS / libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.2-3ubuntu0.6?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.2-3ubuntu0.6
Affected versions
2.*
2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup-gnome2.4-1-dbgsym",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup-gnome2.4-dev",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-1-dbgsym",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-dev",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-doc",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-tests-dbgsym",
"binary_version": "2.74.2-3ubuntu0.6"
}
]
}
Ubuntu:22.04:LTS / libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.0.7-0ubuntu1?arch=source&distro=jammy
Ubuntu:Pro:22.04:LTS / libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.0.7-0ubuntu1+esm5?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-0ubuntu1+esm5
Affected versions
3.*
3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-0-dbgsym",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-dev",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-doc",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.0.7-0ubuntu1+esm5"
},
{
"binary_name": "libsoup-3.0-tests-dbgsym",
"binary_version": "3.0.7-0ubuntu1+esm5"
}
]
}
Ubuntu:24.04:LTS / libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.3-6ubuntu1.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.3-6ubuntu1.6
Affected versions
2.*
2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-2.4-1-dbgsym",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-gnome-2.4-1-dbgsym",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-gnome2.4-dev",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-dev",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-doc",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-tests-dbgsym",
"binary_version": "2.74.3-6ubuntu1.6"
}
]
}
Ubuntu:24.04:LTS / libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.4.4-5ubuntu0.5?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.4-5ubuntu0.5
Affected versions
3.*
3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-0-dbgsym",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-dev",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-doc",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.4.4-5ubuntu0.5"
},
{
"binary_name": "libsoup-3.0-tests-dbgsym",
"binary_version": "3.4.4-5ubuntu0.5"
}
]
}
Ubuntu:25.04 / libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.3-10ubuntu0.4?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.3-10ubuntu0.4
Affected versions
2.*
2.74.3-7
2.74.3-8
2.74.3-8ubuntu1
2.74.3-8.1
2.74.3-9
2.74.3-10
2.74.3-10ubuntu0.1
2.74.3-10ubuntu0.2
2.74.3-10ubuntu0.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup-2.4-1-dbgsym",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup-gnome-2.4-1-dbgsym",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup-gnome2.4-dev",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup2.4-dev",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup2.4-doc",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10ubuntu0.4"
},
{
"binary_name": "libsoup2.4-tests-dbgsym",
"binary_version": "2.74.3-10ubuntu0.4"
}
]
}
Ubuntu:25.04 / libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.6.5-1ubuntu0.2?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.5-1ubuntu0.2
Affected versions
3.*
3.6.0-2
3.6.0-3
3.6.0-4
3.6.1-1
3.6.4-1
3.6.4-2
3.6.4-3
3.6.5-1
3.6.5-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-0-dbgsym",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-dev",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-doc",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.6.5-1ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-tests-dbgsym",
"binary_version": "3.6.5-1ubuntu0.2"
}
]
}