CVE-2025-57155 - Vulnerability Details

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md
https://github.com/owntone/owntone-server/commit/d857116e4143a500d6a1ea13f4baa057ba3b0028

History

Tue, 20 Jan 2026 21:15:00 +0000

Type	Values Removed	Values Added
Description		NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
References		https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md https://github.com/owntone/owntone-server/commit/d857116e4143a500d6a1ea13f4baa057ba3b0028

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-01-20T00:00:00.000Z

Updated: 2026-01-20T21:00:10.260Z

Reserved: 2025-08-17T00:00:00.000Z

Link: CVE-2025-57155

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-20T21:16:03.670

Modified: 2026-01-20T21:16:03.670

Link: CVE-2025-57155

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object