CVE-2025-57155

Published: Jan 20, 2026

Modified: Jan 21, 2026

PUBLISHED

Description

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/owntone/owntone-server/commit/d857116e4143a500d6a1ea13f4baa057ba3b0028

https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57155

Description

Affected Products

References