Re: [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681

[Thomas Perale via buildroot <buildroot@buildroot.org>]

In reply of:
> Fixes the following vulnerability:
> 
> - CVE-2025-50681:
>     igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a
>     denial of service (application crash) via a crafted IGMPv3 membership
>     report packet with a malicious source address. Due to insufficient
>     validation in the `recv_igmp()` function in src/igmpproxy.c, an
>     invalid group record type can trigger a NULL pointer dereference when
>     logging the address using `inet_fmtsrc()`. This vulnerability can be
>     exploited by sending malformed multicast traffic to a host running
>     igmpproxy, leading to a crash. igmpproxy is used in various embedded
>     networking environments and consumer-grade IoT devices (such as home
>     routers and media gateways) to handle multicast traffic for IPTV and
>     other streaming services. Affected devices that rely on unpatched
>     versions of igmpproxy may be vulnerable to remote denial-of-service
>     attacks across a LAN .
> 
> For more information, see:
>   - https://www.cve.org/CVERecord?id=CVE-2025-50681
>   - https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
> 
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>

Applied to 2025.02.x & 2025.11.x. Thanks

> ---
>  .../igmpproxy/0001-Fix-Buffer-Overflow.patch  | 25 +++++++++++++++++++
>  package/igmpproxy/igmpproxy.mk                |  3 +++
>  2 files changed, 28 insertions(+)
>  create mode 100644 package/igmpproxy/0001-Fix-Buffer-Overflow.patch
> 
> diff --git a/package/igmpproxy/0001-Fix-Buffer-Overflow.patch b/package/igmpproxy/0001-Fix-Buffer-Overflow.patch
> new file mode 100644
> index 0000000000..b9f03386a8
> --- /dev/null
> +++ b/package/igmpproxy/0001-Fix-Buffer-Overflow.patch
> @@ -0,0 +1,25 @@
> +From 2b30c36e6ab5b21defb76ec6458ab7687984484c Mon Sep 17 00:00:00 2001
> +From: Jan Klemkow <j.klemkow@wemelug.de>
> +Date: Thu, 17 Apr 2025 19:02:16 +0200
> +Subject: [PATCH] Fix Buffer Overflow #97
> +
> +CVE: CVE-2025-50681
> +Upstream: https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
> +Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> +---
> + src/igmp.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/igmp.c b/src/igmp.c
> +index a80c4e58..838694ce 100644
> +--- a/src/igmp.c
> ++++ b/src/igmp.c
> +@@ -94,7 +94,7 @@ static const char *igmpPacketKind(unsigned int type, unsigned int code) {
> +     case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
> + 
> +     default:
> +-        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
> ++        snprintf(unknown, sizeof unknown, "unk: 0x%02x/0x%02x    ", type, code);
> +         return unknown;
> +     }
> + }
> diff --git a/package/igmpproxy/igmpproxy.mk b/package/igmpproxy/igmpproxy.mk
> index f2c32939ff..d7d7691c8f 100644
> --- a/package/igmpproxy/igmpproxy.mk
> +++ b/package/igmpproxy/igmpproxy.mk
> @@ -13,4 +13,7 @@ IGMPPROXY_LICENSE_FILES = COPYING GPL.txt Stanford.txt
>  
>  IGMPPROXY_CPE_ID_VENDOR = pali
>  
> +# 0001-Fix-Buffer-Overflow.patch
> +IGMPPROXY_IGNORE_CVES += CVE-2025-50681
> +
>  $(eval $(autotools-package))
> -- 
> 2.53.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot