CVE-2025-4945

{"id": "CVE-2025-4945", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2025-05-19T17:15:29.103", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-4945", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367175", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la l\u00f3gica de an\u00e1lisis de cookies de la librer\u00eda HTTP libsoup, utilizada en aplicaciones de GNOME y otro software. La vulnerabilidad surge al procesar la fecha de caducidad de las cookies, donde un valor especialmente manipulado puede provocar un desbordamiento de enteros. Esto puede provocar un comportamiento indefinido, permitiendo a un atacante eludir la l\u00f3gica de caducidad de las cookies y provocando un comportamiento persistente o no deseado. El problema se debe a la validaci\u00f3n incorrecta de entradas de enteros grandes durante las operaciones aritm\u00e9ticas de fechas dentro de las rutinas de an\u00e1lisis de cookies."}], "lastModified": "2025-05-21T20:25:16.407", "sourceIdentifier": "secalert@redhat.com"}