SUSE SLES15 Security Update : libsoup (SUSE-SU-2025:4514-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4514-1 advisory. - CVE-2025-12105: Fixed heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555 Tenable has extracte...

Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

...

libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

CVE-2025-12105 affects libsoup3 and is caused by a heap use-after-free in the asynchronous message queue handling during HTTP/2 read completion. When network operations are aborted at specific timing, a message queue item may be freed twice, enabling a remote attacker to trigger a denial-of-servi...