Owntone Server NULL Pointer Dereference Vulnerability in DACP Request Handling Allowing Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Owntone Server application, specifically in the DACP (Digital Audio Control Protocol) request handling. This vulnerability is present in versions of Owntone Server through commit 6d604a1, which is newer than version 28.12. The issue allows remote attackers to cause a denial-of-service condition by sending a crafted DACP request that lacks a required 'mode' parameter, leading to a crash of the server.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the server.

Reproduction

The vulnerability can be reproduced by sending a DACP request to the server's '/ctrl-int/1/playqueue-edit' endpoint without including the 'mode' parameter. This can be done using an HTTP client or tool that allows the modification of request parameters. The absence of the 'mode' parameter triggers the NULL pointer dereference, causing the server to crash.

Remediation

Users can update to Owntone Server version 29.0 or later, where this vulnerability has been fixed.
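
The bug class described above, shown as an added example: a handler that uses a query-parameter lookup result without checking it, beside a version that rejects the request when 'mode' is absent. This is not Owntone's code or its actual patch; the struct, function names, parameter values and status codes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed query string; not Owntone's types. */
struct param { const char *key; const char *value; };

/* Returns the value for key, or NULL when the parameter is absent. */
static const char *query_get(const struct param *q, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(q[i].key, key) == 0)
            return q[i].value;
    return NULL;
}

/* Vulnerable pattern: the lookup result goes straight into strcmp().
 * With no 'mode' parameter, mode is NULL and strcmp() dereferences it. */
int playqueue_edit_unchecked(const struct param *q, size_t n)
{
    const char *mode = query_get(q, n, "mode");
    if (strcmp(mode, "clear") == 0)   /* segfaults when mode == NULL */
        return 204;
    return 200;
}

/* Hardened pattern: reject the request before any use of the pointer. */
int playqueue_edit_checked(const struct param *q, size_t n)
{
    const char *mode = query_get(q, n, "mode");
    if (mode == NULL)
        return 400;                   /* Bad Request; the server keeps running */
    if (strcmp(mode, "clear") == 0)   /* "clear" is a constructed value */
        return 204;
    return 200;
}

int main(void)
{
    /* Constructed sample requests to /ctrl-int/1/playqueue-edit */
    const struct param with_mode[] = { { "command", "edit" }, { "mode", "clear" } };
    const struct param no_mode[]   = { { "command", "edit" } };

    printf("with mode: %d\n", playqueue_edit_checked(with_mode, 2));
    printf("no mode:   %d\n", playqueue_edit_checked(no_mode, 1));
    return 0;
}
```

The unchecked function is included only to show the pattern; `main` calls the checked version, which returns 400 for the request that lacks 'mode'.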

Added: Jan 20, 2026, 9:28 PM
Updated: Jan 20, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 2.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.