UBUNTU-CVE-2025-11021
- Source
- https://ubuntu.com/security/CVE-2025-11021
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11021.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-11021
- Upstream
- Published
- 2025-09-26T09:15:00Z
- Modified
- 2026-04-27T18:46:35.857130Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
- References
Affected packages
Ubuntu:22.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.2-3ubuntu0.6?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.2-3ubuntu0.6
Affected versions
2.*
2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup2.4-1"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup2.4-tests"
}
],
"availability": "No subscription required"
}Ubuntu:24.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.3-6ubuntu1.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.3-6ubuntu1.6
Affected versions
2.*
2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup2.4-tests"
}
],
"availability": "No subscription required"
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.4.4-5ubuntu0.5?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.4-5ubuntu0.5
Affected versions
3.*
3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.4.4-5ubuntu0.5",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.4.4-5ubuntu0.5",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.4.4-5ubuntu0.5",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.4.4-5ubuntu0.5",
"binary_name": "libsoup-3.0-tests"
}
],
"availability": "No subscription required"
}Ubuntu:25.10
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.3-10.1ubuntu4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.3-10.1ubuntu4
Affected versions
2.*
2.74.3-10
2.74.3-10.1
2.74.3-10.1ubuntu1
2.74.3-10.1ubuntu2
2.74.3-10.1ubuntu3
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup2.4-tests"
}
],
"availability": "No subscription required"
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.6.5-3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.5-3
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.5-3",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.6.5-3",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.6.5-3",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.6.5-3",
"binary_name": "libsoup-3.0-tests"
}
],
"availability": "No subscription required"
}Ubuntu:26.04
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.74.3-10.1ubuntu4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.3-10.1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup2.4-tests"
}
],
"availability": "No subscription required"
}Ubuntu:Pro:16.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.52.2-1ubuntu0.3+esm5?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.52.2-1ubuntu0.3+esm5
Affected versions
2.*
2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.52.2-1ubuntu0.3+esm5",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.52.2-1ubuntu0.3+esm5",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.52.2-1ubuntu0.3+esm5",
"binary_name": "libsoup2.4-1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:18.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.62.1-1ubuntu0.4+esm6?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.62.1-1ubuntu0.4+esm6
Affected versions
2.*
2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.62.1-1ubuntu0.4+esm6",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.62.1-1ubuntu0.4+esm6",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.62.1-1ubuntu0.4+esm6",
"binary_name": "libsoup2.4-1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:20.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4@2.70.0-1ubuntu0.5+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.70.0-1ubuntu0.5+esm1
Affected versions
2.*
2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "libsoup2.4-1"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "libsoup2.4-tests"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:22.04:LTS
libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3@3.0.7-0ubuntu1+esm5?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-0ubuntu1+esm5
Affected versions
3.*
3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.7-0ubuntu1+esm5",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm5",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm5",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.0.7-0ubuntu1+esm5",
"binary_name": "libsoup-3.0-tests"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}