CVE-2025-57155
- Source
- https://cve.org/CVERecord?id=CVE-2025-57155
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57155.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-57155
- Published
- 2026-01-20T21:16:03.670Z
- Modified
- 2026-03-13T03:37:57.764751Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
NULL pointer dereference in the daapreplygroups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
- References
Affected packages
Git / github.com/owntone/owntone-server
Affected versions
0.*
0.10
0.11
0.12
0.19
20.*
20.0
21.*
21.0
22.*
22.0
22.1
22.2
22.3
23.*
23.0
23.1
23.2
23.3
23.4
24.*
24.0
24.1
24.2
25.*
25.0
26.*
26.0
26.1
26.2
26.3
26.4
26.5
27.*
27.0
27.1
27.2
27.3
27.4
28.*
28.0
28.1
28.2
Other
fork_cleanedup
mt-daapd_svn1696
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57155.json"
vanir_signatures
[
{
"id": "CVE-2025-57155-6b289a01",
"signature_type": "Function",
"digest": {
"function_hash": "273648544931325553011296851607772447500",
"length": 4214.0
},
"target": {
"file": "src/httpd_daap.c",
"function": "daap_reply_groups"
},
"source": "https://github.com/owntone/owntone-server/commit/d857116e4143a500d6a1ea13f4baa057ba3b0028",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2025-57155-9bb9e161",
"signature_type": "Line",
"digest": {
"line_hashes": [
"77942662531759531809468676578406614646",
"93087663186012350064715594069544950478",
"163560037179021653834296880695740657965",
"75408497262830217011774637920224867377"
],
"threshold": 0.9
},
"target": {
"file": "src/httpd_daap.c"
},
"source": "https://github.com/owntone/owntone-server/commit/d857116e4143a500d6a1ea13f4baa057ba3b0028",
"signature_version": "v1",
"deprecated": false
}
]