CNNVD-202601-3179 Information
CNNVD ID
CNNVD-202601-3179
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
OwnTone是开源(OwnTone)的一个 Linux/FreeBSD DAAP (iTunes)、MPD (Music Player Daemon) 和 RSP (Roku) 媒体服务器。 OwnTone存在安全漏洞,该漏洞源于parse_meta函数存在空指针取消引用,可能导致通过发送特制的DAAP请求造成拒绝服务。
Description (English)
OwnTone is a Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon) and RSP (Roku) media server. OwnTone has a security loophole, which stems from the existence of an empty pointer to cancel the reference in the Parse meta function, which may result in a denial of service by sending a specially designed DAAP request.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
开源
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/archersec/poc/tree/master/owntone-server https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md https://github.com/owntone/owntone-server/commit/53ee9a3c3921e5448f502800c4dfa787865f6cb7 https://access.redhat.com/security/cve/cve-2025-63647
Patch
https://github.com/owntone/owntone-server/releases
Share on: