igmpproxy Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in igmpproxy versions prior to commit 2b30c36. It allows remote attackers to cause a denial of service by sending crafted IGMPv3 membership report packets containing malicious source addresses. The issue arises from insufficient validation in the 'recv_igmp()' function: an invalid group record type can trigger a NULL pointer dereference when the address is logged with 'inet_fmtsrc()'. Exploitation crashes the application. igmpproxy is commonly used in embedded networking environments and consumer-grade IoT devices, such as home routers and media gateways, to manage multicast traffic for IPTV and streaming services. Affected devices running unpatched versions of igmpproxy are exposed to remote denial-of-service attacks from the local area network.
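The missing check described above is a bounds-checked walk over the group records that rejects an unknown record type before anything is logged or looked up. The following is an added example, not igmpproxy's own code and not the fix in commit 2b30c36: the function names (validate_igmpv3_report, build_report, check_constructed_report), the result codes and the sample packets are assumptions constructed for illustration, the field layout follows RFC 3376 section 4.2, and checksum verification is deliberately left out.

```c
/* Added example (not igmpproxy's code): a bounds-checked IGMPv3 membership
 * report validator that rejects unknown group record types before any
 * per-record processing or logging. Layout per RFC 3376 section 4.2. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IGMPV3_REPORT_TYPE 0x22   /* RFC 3376: Version 3 Membership Report */
#define IGMPV3_HDR_LEN     8      /* type, reserved, checksum, reserved, #records */
#define IGMPV3_REC_HDR_LEN 8      /* record type, aux len, #sources, group addr */

/* Group record types defined by RFC 3376; anything else is invalid. */
enum {
    REC_MODE_IS_INCLUDE   = 1,
    REC_MODE_IS_EXCLUDE   = 2,
    REC_CHANGE_TO_INCLUDE = 3,
    REC_CHANGE_TO_EXCLUDE = 4,
    REC_ALLOW_NEW_SOURCES = 5,
    REC_BLOCK_OLD_SOURCES = 6
};

/* Result codes (assumed names for this example). */
enum {
    IGMP_OK             =  0,
    IGMP_ERR_SHORT      = -1,   /* packet shorter than a header or a record */
    IGMP_ERR_TYPE       = -2,   /* not an IGMPv3 membership report */
    IGMP_ERR_REC_TYPE   = -3,   /* group record type outside 1..6 */
    IGMP_ERR_GROUP_ADDR = -4    /* group address not in 224.0.0.0/4 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Walk every group record, bounds-checking each before reading its fields.
 * Returns IGMP_OK only when every record has a known type and lies entirely
 * within 'len' bytes. Checksum verification is omitted (assumption). */
int validate_igmpv3_report(const uint8_t *buf, size_t len)
{
    if (len < IGMPV3_HDR_LEN) return IGMP_ERR_SHORT;
    if (buf[0] != IGMPV3_REPORT_TYPE) return IGMP_ERR_TYPE;

    uint16_t nrecords = rd16(buf + 6);
    size_t off = IGMPV3_HDR_LEN;

    for (uint16_t i = 0; i < nrecords; i++) {
        if (len - off < IGMPV3_REC_HDR_LEN) return IGMP_ERR_SHORT;
        uint8_t  rtype  = buf[off];
        uint8_t  auxlen = buf[off + 1];          /* in 32-bit words */
        uint16_t nsrc   = rd16(buf + off + 2);
        uint32_t group  = rd32(buf + off + 4);

        /* The record type gates everything else: an unknown value is rejected
         * here rather than being used to index a table or logged as valid. */
        if (rtype < REC_MODE_IS_INCLUDE || rtype > REC_BLOCK_OLD_SOURCES)
            return IGMP_ERR_REC_TYPE;
        if ((group & 0xF0000000u) != 0xE0000000u)
            return IGMP_ERR_GROUP_ADDR;

        size_t rec_len = IGMPV3_REC_HDR_LEN + (size_t)nsrc * 4 + (size_t)auxlen * 4;
        if (len - off < rec_len) return IGMP_ERR_SHORT;
        off += rec_len;
    }
    return IGMP_OK;
}

/* Constructed test data: a one-record report with one source address.
 * Checksum bytes are left zero; the validator does not verify them. */
size_t build_report(uint8_t *out, uint8_t rtype)
{
    static const uint8_t tmpl[] = {
        0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* header, 1 record     */
        0x00, 0x00, 0x00, 0x01, 0xEF, 0x01, 0x01, 0x01, /* rtype, aux 0, 1 src, 239.1.1.1 */
        0xC0, 0xA8, 0x01, 0x0A                          /* source 192.168.1.10  */
    };
    memcpy(out, tmpl, sizeof tmpl);
    out[8] = rtype;
    return sizeof tmpl;
}

/* Build a constructed report with the given record type and validate it after
 * dropping 'drop_tail' bytes from the end to simulate a truncated packet. */
int check_constructed_report(uint8_t rtype, size_t drop_tail)
{
    uint8_t pkt[32];
    size_t n = build_report(pkt, rtype);
    if (drop_tail > n) return IGMP_ERR_SHORT;
    return validate_igmpv3_report(pkt, n - drop_tail);
}

int main(void)
{
    printf("type 4, intact    -> %d\n", check_constructed_report(4, 0)); /* 0  */
    printf("type 0, intact    -> %d\n", check_constructed_report(0, 0)); /* -3 */
    printf("type 9, intact    -> %d\n", check_constructed_report(9, 0)); /* -3 */
    printf("type 1, truncated -> %d\n", check_constructed_report(1, 4)); /* -1 */
    return 0;
}
```

The point of the ordering inside the loop is that the record type and record length are checked before any field of the record is used, so a malformed report is dropped with an error code instead of reaching a logging or lookup path with an unexpected value.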

Impact

Exploitation of this vulnerability leads to a crash of the igmpproxy application, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending malformed multicast traffic to a host running an affected version of igmpproxy. The 'recv_igmp()' function processes the crafted IGMPv3 membership report, leading to a NULL pointer dereference and an application crash. This can be verified by compiling a test program that demonstrates the buffer overflow and crashes the application when the crafted packet is received.

Remediation

Users should update to a version of igmpproxy that includes commit 2b30c36, which addresses this vulnerability.

Added: Dec 19, 2025, 3:22 PM
Updated: Dec 19, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm
  spread          0.0
  impact          2.5
  exploitability  6.2
  remediation     0.0
  relevance       1.6
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.