Owntone Server NULL Pointer Dereference Vulnerability in DAAP Response Handling Allowing Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in the daap_reply_groups function of owntone-server, in versions prior to commit d857116e4143a500d6a1ea13f4baa057ba3b0028. Remote attackers can send crafted DAAP requests that trigger the NULL pointer dereference and crash the server, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, crashing the server.

Remediation

Users can upgrade to owntone-server version 29.0 or later to address this vulnerability.

Added: Jan 20, 2026, 9:29 PM
Updated: Jan 20, 2026, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 8.0
remediation: 7.7
relevance: 2.1
threat: 3.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.