TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-50681

HIGH
7.5

Beschreibung

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

CVE Details

CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/19/2025
Zuletzt geandert1/2/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

pali:igmpproxy

Schwachen (CWE)

CWE-120

Referenzen

https://gist.github.com/miora-sora/dac1612d16c45c2aedb8605478adc28f(cve@mitre.org)
https://github.com/pali/igmpproxy/issues/97(cve@mitre.org)
https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c(cve@mitre.org)
https://github.com/pali/igmpproxy/issues/97(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.