CVE
CVE-2025-63647
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the s...
A NULL pointer dereference in the parsemeta function (src/httpddaap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
-
Related Resources
No items found.
References
https://github.com/archersec/poc/tree/master/owntone-server, https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md, https://github.com/archersec/poc/tree/master/owntone-server, https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md, https://github.com/owntone/owntone-server/commit/53ee9a3c3921e5448f502800c4dfa787865f6cb7
Basic Information
Ecosystem
