{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2025-32050: fix overflow in append_param_quoted()\n- CVE-2025-32052: fix heap buffer overflow in soup_content_sniffer_sniff()\n- CVE-2025-32053: fix heap buffer overflow in sniff_feed_or_html()\n- CVE-2025-32907: soup-message-headers: correct merge of ranges\n- CVE-2025-46420: fix leak in soup_header_parse_quality_list()\n- CVE-2025-46421: strip authentication credentails on cross-origin redirect\n- CVE-2025-2784: fix heap buffer over-read when sniffing content via the\n skip_insight_whitespace() function", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2025/clsa-2025_1753120992.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753120992", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753120992" } ], "tracking": { "current_release_date": "2025-07-21T18:04:14Z", "generator": { "date": "2025-07-21T18:04:14Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1753120992", "initial_release_date": "2025-07-21T18:04:14Z", "revision_history": [ { "date": "2025-07-21T18:04:14Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "libsoup: Fix of 7 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "product": { "name": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "product_id": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libsoup-devel@2.62.2-2.0.1.el7.tuxcare.els5?arch=i686" } } }, { "category": "product_version", "name": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "product": { "name": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "product_id": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libsoup@2.62.2-2.0.1.el7.tuxcare.els5?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "product": { "name": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "product_id": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libsoup-devel@2.62.2-2.0.1.el7.tuxcare.els5?arch=x86_64" } } }, { "category": "product_version", "name": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "product": { "name": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "product_id": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libsoup@2.62.2-2.0.1.el7.tuxcare.els5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686" }, "product_reference": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" }, "product_reference": "libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686" }, "product_reference": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" }, "product_reference": "libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-32053", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32053" } ], "release_date": "2025-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-32907", "cwe": { "id": "CWE-1050", "name": "Excessive Platform Resource Consumption within a Loop" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32907" } ], "release_date": "2025-04-14T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-46420", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-46420" } ], "release_date": "2025-04-24T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-32050", "cwe": { "id": "CWE-127", "name": "Buffer Under-read" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32050" } ], "release_date": "2025-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-2784", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-2784" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:7505", "url": "https://access.redhat.com/errata/RHSA-2025:7505" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8126", "url": "https://access.redhat.com/errata/RHSA-2025:8126" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8132", "url": "https://access.redhat.com/errata/RHSA-2025:8132" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8139", "url": "https://access.redhat.com/errata/RHSA-2025:8139" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8140", "url": "https://access.redhat.com/errata/RHSA-2025:8140" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8252", "url": "https://access.redhat.com/errata/RHSA-2025:8252" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8480", "url": "https://access.redhat.com/errata/RHSA-2025:8480" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8481", "url": "https://access.redhat.com/errata/RHSA-2025:8481" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8482", "url": "https://access.redhat.com/errata/RHSA-2025:8482" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:8663", "url": "https://access.redhat.com/errata/RHSA-2025:8663" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2025:9179", "url": "https://access.redhat.com/errata/RHSA-2025:9179" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-2784", "url": "https://access.redhat.com/security/cve/CVE-2025-2784" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422", "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422" } ], "release_date": "2025-04-03T03:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-46421", "cwe": { "id": "CWE-497", "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-46421" } ], "release_date": "2025-04-24T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-32052", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "description", "text": "A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32052" } ], "release_date": "2025-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-devel-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.i686", "Oracle-Linux-7:libsoup-0:2.62.2-2.0.1.el7.tuxcare.els5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] } ] }