CVE-2021-38383
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-38383
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38383.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-38383
- Downstream
- Related
- Published
- 2021-08-10T18:15:07Z
- Modified
- 2025-10-21T06:29:19.518369Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.
- References
Affected packages
Git / github.com/owntone/owntone-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/owntone/owntone-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10
0.11
0.12
0.19
20.*
20.0
21.*
21.0
22.*
22.0
22.1
22.2
22.3
23.*
23.0
23.1
23.2
23.3
23.4
24.*
24.0
24.1
24.2
25.*
25.0
26.*
26.0
26.1
26.2
26.3
26.4
26.5
27.*
27.0
27.1
27.2
27.3
27.4
28.*
28.0
28.1
Other
fork_cleanedup
mt-daapd_svn1696
Database specific
vanir_signatures
[
{
"source": "https://github.com/owntone/owntone-server/commit/246d8ae0cef27377e5dfe9ee3ad87e864d6b6266",
"target": {
"file": "src/misc.c"
},
"deprecated": false,
"id": "CVE-2021-38383-6412a0ab",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69883862088875992206070454072121435311",
"296955952324277576804356955161755440348",
"175223083008064886023562321144968352866",
"130926764106367091829428854059996205757",
"84957499548747963416642342831692936628",
"248868820442059786475596322846775247264",
"213194923737254017232758755134836929171",
"155590839764132794216314322799956124955",
"153571613008920975766804110518373357793",
"141693835995690170305527367771402171121",
"128652294790855790568860063368583898438",
"21027190664975727016593725696109826460",
"179776558295180564500701855097261104778",
"250583707842328939104907004421961576731",
"245576157150302141910141729878778131604"
]
}
}
]