Use-After-Free Vulnerability in OwnTone Server by Owntone
CVE-2021-38383

9.8CRITICAL

Key Information:

Vendor: Owntone Project
Status: Owntone
Vendor: CVE Published:; 10 August 2021

🔔 Create Owntone Project Vulnerability Alert

What is CVE-2021-38383?

A use-after-free vulnerability exists in the net_bind() function within the misc.c file of the OwnTone server. This issue can potentially lead to memory corruption and trigger unexpected behavior, affecting the stability and performance of the application. Developers utilizing versions up to 28.1 of the OwnTone server should review the implementation of the affected function and apply necessary patches to mitigate security risks.

References

https://github.com/owntone/owntone-server/commit/246d8ae0...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Aug 10, 2021

CVE-2021-38383 Data

JSON