Skip to main content

GNOME CVE-2025-4945

LOW
Integer Overflow or Wraparound (CWE-190)
2025-05-19 secalert@redhat.com
Buffer Overflow Integer Overflow
3.7
CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 19, 2026 - 18:30 vuln.today
CVE Published
May 19, 2025 - 17:15 nvd
LOW 3.7

DescriptionNVD

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

AnalysisAI

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software.

Technical ContextAI

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected ProductsAI

Affected: GNOME applications and other software

RemediationAI

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Share

CVE-2025-4945 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy