Owntone Server NULL Pointer Dereference Vulnerability in DAAP Playlist Handling
Vulnerability
A NULL pointer dereference vulnerability has been identified in the daap_reply_playlists function of owntone-server, in versions through commit 3d1652d. This vulnerability allows attackers to cause a denial-of-service condition by sending a crafted DAAP request to the server. The issue arises when the meta parameter contains consecutive commas, leading to improper parsing and NULL values in the metadata array. Subsequent access to these NULL values causes the dereference error.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the server to crash or become unresponsive.
Reproduction
The vulnerability can be reproduced by sending a DAAP request to the server's playlists endpoint with a meta parameter that includes consecutive commas, such as 'abc,,def'. This request should be sent over HTTP/1.1, with two trailing carriage return and line feed sequences to indicate the end of the header.
Remediation
Users can update to the latest version of owntone-server, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.