CNNVD-202601-3178 Information
CNNVD ID
CNNVD-202601-3178
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
OwnTone是开源(OwnTone)的一个 Linux/FreeBSD DAAP (iTunes)、MPD (Music Player Daemon) 和 RSP (Roku) 媒体服务器。 OwnTone存在安全漏洞,该漏洞源于dacp_reply_playqueueedit_move函数存在空指针取消引用,可能导致通过发送特制的DACP请求造成拒绝服务。
Description (English)
OwnTone is a Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon) and RSP (Roku) media server. There is a security loophole in OwnTone, which stems from the absence of an empty pointer to cancel the reference in the dacp reply playqueueedit move function, which may result in a denial of service by sending a specially designed DACP request.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
开源
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md https://github.com/owntone/owntone-server/commit/5f526c7a7e08c567a5c72421d74a79dafdd07621 https://github.com/owntone/owntone-server/issues/1933 https://access.redhat.com/security/cve/cve-2025-63648
Patch
https://github.com/owntone/owntone-server/releases
Share on: