Home

Description

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.

PUBLISHED Reserved 2025-08-17 | Published 2026-01-20 | Updated 2026-01-21 | Assigner mitre

References

github.com/...ommit/d857116e4143a500d6a1ea13f4baa057ba3b0028

github.com/...owntone-server/owntone-server-advisory-2025.md

cve.org (CVE-2025-57155)

nvd.nist.gov (CVE-2025-57155)

Download JSON