UBUNTU-CVE-2025-50681

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-50681
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50681.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-50681
Upstream
Published
2025-12-19T15:15:00Z
Modified
2026-01-20T19:09:43.015632Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recv_igmp() function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using inet_fmtsrc(). This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

References

Affected packages

Ubuntu:18.04:LTS / igmpproxy

Package

Name
igmpproxy
Purl
pkg:deb/ubuntu/igmpproxy@0.2.1-1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.1-1
0.2-1
0.2.1-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.2.1-1",
            "binary_name": "igmpproxy"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50681.json"

Ubuntu:20.04:LTS / igmpproxy

Package

Name
igmpproxy
Purl
pkg:deb/ubuntu/igmpproxy@0.2.1-1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.2.1-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.2.1-1",
            "binary_name": "igmpproxy"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50681.json"

Ubuntu:22.04:LTS / igmpproxy

Package

Name
igmpproxy
Purl
pkg:deb/ubuntu/igmpproxy@0.3-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.3-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.3-1",
            "binary_name": "igmpproxy"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50681.json"

Ubuntu:24.04:LTS / igmpproxy

Package

Name
igmpproxy
Purl
pkg:deb/ubuntu/igmpproxy@0.3-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.3-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.3-1",
            "binary_name": "igmpproxy"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50681.json"

Ubuntu:25.10 / igmpproxy

Package

Name
igmpproxy
Purl
pkg:deb/ubuntu/igmpproxy@0.3-1?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.3-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.3-1",
            "binary_name": "igmpproxy"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50681.json"