Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

owntone

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2025-57155
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.00%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 00:00
Updated-13 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.

Action-Not Available
Vendor-owntonen/a
Product-owntone_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-57156
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.66%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 00:00
Updated-13 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).

Action-Not Available
Vendor-owntonen/a
Product-owntone_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-63648
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.02%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 00:00
Updated-13 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.

Action-Not Available
Vendor-owntonen/a
Product-owntone_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-38383
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.31%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 17:14
Updated-13 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.

Action-Not Available
Vendor-owntonen/a
Product-owntone_servern/a
CWE ID-CWE-416
Use After Free