CVE-2025-4945
Integer overflow vulnerability in libsoup HTTP library's cookie parsing logic
Overview
An integer overflow vulnerability exists in the cookie parsing logic of the libsoup HTTP library, extensively used in GNOME applications and other software. This flaw could allow an attacker to bypass cookie expiration logic, resulting in persistent or unintended cookie behavior.
Technical Details
The vulnerability is caused due to improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. This leads to an integer overflow and undefined behavior when processing the expiration date of cookies.
CVSS Metrics
- Base Score: 3.7
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: NONE
Impact
This vulnerability could allow a malicious actor to bypass cookie expiration logic, which could lead to persistent or unintended cookie behavior.
Recommendations
It is advised to update the libsoup HTTP library to a patched version where the error is corrected. Also, ensure all network systems are regularly checked and updated to prevent potential exploitation.
Threat Metrics
- cvss_score: 3.7
- severity: LOW
- attack_vector: NETWORK
- attack_complexity: HIGH