CVE-2025-44560

Published: Apr 10, 2026Modified: Apr 27, 2026Deferred

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://gist.github.com/wenwenyuyu/517851c3fe38c4f97b2d1940597da2d3

Source: cve@mitre.org

https://github.com/owntone/owntone-server/issues/1873

Source: cve@mitre.org

Timeline

No history available yet.