Owntone Server Buffer Overflow Vulnerability

A buffer overflow vulnerability has been identified in Owntone Server version 2ca10d9. This issue arises from a lack of recursive checking, which can be exploited by crafting a specific HTTP request that includes multiple nested calls. The server's recursive parsing logic for the expression parameter can be leveraged to create an infinite recursion scenario, leading to a stack overflow, crash, or denial-of-service condition.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, resulting in a crash of the Owntone Server application. This behavior is consistent with a denial-of-service condition, where the service becomes unavailable due to the crash.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request to the '/api/search' endpoint. The 'expression' parameter should be crafted to include multiple nested calls, which will trigger the infinite recursion vulnerability. This can be done using a tool like 'curl' or Postman, by specifying the appropriate headers and request parameters.

Remediation

A commit has been made to address this vulnerability, which is expected to be merged into the master branch. Users should update to the latest version of Owntone Server once this commit is available.