Executive Summary

This vulnerability is a NULL pointer dereference in the dacp_reply_playqueueedit_clear function of the Owntone server. It occurs when the 'mode' parameter is missing from an HTTP request query, causing the code to call strcmp on a null pointer. This leads to a crash or Denial of Service. The issue was fixed by adding a null check before calling strcmp to ensure the 'mode' parameter exists. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows remote attackers to cause a Denial of Service (crash) of the Owntone server by sending a specially crafted HTTP request missing the 'mode' parameter, which triggers a null pointer dereference. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests to the Owntone server that invoke the dacp_reply_playqueueedit_clear function without including the "mode" parameter in the query string. Specifically, sending crafted HTTP requests missing the "mode" parameter to the affected endpoint may cause the server to crash, indicating the presence of the vulnerability. There are no specific commands provided, but testing with tools like curl or custom scripts to send such requests and observing server stability can help detect it. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to apply the patch that adds a null check for the "mode" parameter before performing the string comparison in the dacp_reply_playqueueedit_clear function. This patch prevents the null pointer dereference and subsequent crash. Until the patch is applied, restricting access to the Owntone server or disabling the affected functionality may reduce exposure. [1]

Useful 0 Not Useful 0