* [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681
@ 2026-02-26 8:06 Thomas Perale via buildroot
2026-02-26 20:10 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot
0 siblings, 2 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-26 8:06 UTC (permalink / raw)
To: buildroot
Fixes the following vulnerability:
- CVE-2025-50681:
igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a
denial of service (application crash) via a crafted IGMPv3 membership
report packet with a malicious source address. Due to insufficient
validation in the `recv_igmp()` function in src/igmpproxy.c, an
invalid group record type can trigger a NULL pointer dereference when
logging the address using `inet_fmtsrc()`. This vulnerability can be
exploited by sending malformed multicast traffic to a host running
igmpproxy, leading to a crash. igmpproxy is used in various embedded
networking environments and consumer-grade IoT devices (such as home
routers and media gateways) to handle multicast traffic for IPTV and
other streaming services. Affected devices that rely on unpatched
versions of igmpproxy may be vulnerable to remote denial-of-service
attacks across a LAN .
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-50681
- https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
.../igmpproxy/0001-Fix-Buffer-Overflow.patch | 25 +++++++++++++++++++
package/igmpproxy/igmpproxy.mk | 3 +++
2 files changed, 28 insertions(+)
create mode 100644 package/igmpproxy/0001-Fix-Buffer-Overflow.patch
diff --git a/package/igmpproxy/0001-Fix-Buffer-Overflow.patch b/package/igmpproxy/0001-Fix-Buffer-Overflow.patch
new file mode 100644
index 0000000000..b9f03386a8
--- /dev/null
+++ b/package/igmpproxy/0001-Fix-Buffer-Overflow.patch
@@ -0,0 +1,25 @@
+From 2b30c36e6ab5b21defb76ec6458ab7687984484c Mon Sep 17 00:00:00 2001
+From: Jan Klemkow <j.klemkow@wemelug.de>
+Date: Thu, 17 Apr 2025 19:02:16 +0200
+Subject: [PATCH] Fix Buffer Overflow #97
+
+CVE: CVE-2025-50681
+Upstream: https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
+Signed-off-by: Thomas Perale <thomas.perale@mind.be>
+---
+ src/igmp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/igmp.c b/src/igmp.c
+index a80c4e58..838694ce 100644
+--- a/src/igmp.c
++++ b/src/igmp.c
+@@ -94,7 +94,7 @@ static const char *igmpPacketKind(unsigned int type, unsigned int code) {
+ case IGMP_V2_LEAVE_GROUP: return "Leave message ";
+
+ default:
+- sprintf(unknown, "unk: 0x%02x/0x%02x ", type, code);
++ snprintf(unknown, sizeof unknown, "unk: 0x%02x/0x%02x ", type, code);
+ return unknown;
+ }
+ }
diff --git a/package/igmpproxy/igmpproxy.mk b/package/igmpproxy/igmpproxy.mk
index f2c32939ff..d7d7691c8f 100644
--- a/package/igmpproxy/igmpproxy.mk
+++ b/package/igmpproxy/igmpproxy.mk
@@ -13,4 +13,7 @@ IGMPPROXY_LICENSE_FILES = COPYING GPL.txt Stanford.txt
IGMPPROXY_CPE_ID_VENDOR = pali
+# 0001-Fix-Buffer-Overflow.patch
+IGMPPROXY_IGNORE_CVES += CVE-2025-50681
+
$(eval $(autotools-package))
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681
2026-02-26 8:06 [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681 Thomas Perale via buildroot
@ 2026-02-26 20:10 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot
1 sibling, 0 replies; 3+ messages in thread
From: Julien Olivain via buildroot @ 2026-02-26 20:10 UTC (permalink / raw)
To: Thomas Perale; +Cc: buildroot
On 26/02/2026 09:06, Thomas Perale via buildroot wrote:
> Fixes the following vulnerability:
>
> - CVE-2025-50681:
> igmpproxy 0.4 before commit 2b30c36 allows remote attackers to
> cause a
> denial of service (application crash) via a crafted IGMPv3
> membership
> report packet with a malicious source address. Due to insufficient
> validation in the `recv_igmp()` function in src/igmpproxy.c, an
> invalid group record type can trigger a NULL pointer dereference
> when
> logging the address using `inet_fmtsrc()`. This vulnerability can
> be
> exploited by sending malformed multicast traffic to a host running
> igmpproxy, leading to a crash. igmpproxy is used in various
> embedded
> networking environments and consumer-grade IoT devices (such as
> home
> routers and media gateways) to handle multicast traffic for IPTV
> and
> other streaming services. Affected devices that rely on unpatched
> versions of igmpproxy may be vulnerable to remote denial-of-service
> attacks across a LAN .
>
> For more information, see:
> - https://www.cve.org/CVERecord?id=CVE-2025-50681
> -
> https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681
2026-02-26 8:06 [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681 Thomas Perale via buildroot
2026-02-26 20:10 ` Julien Olivain via buildroot
@ 2026-03-06 19:53 ` Thomas Perale via buildroot
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC (permalink / raw)
To: Thomas Perale; +Cc: buildroot
In reply of:
> Fixes the following vulnerability:
>
> - CVE-2025-50681:
> igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a
> denial of service (application crash) via a crafted IGMPv3 membership
> report packet with a malicious source address. Due to insufficient
> validation in the `recv_igmp()` function in src/igmpproxy.c, an
> invalid group record type can trigger a NULL pointer dereference when
> logging the address using `inet_fmtsrc()`. This vulnerability can be
> exploited by sending malformed multicast traffic to a host running
> igmpproxy, leading to a crash. igmpproxy is used in various embedded
> networking environments and consumer-grade IoT devices (such as home
> routers and media gateways) to handle multicast traffic for IPTV and
> other streaming services. Affected devices that rely on unpatched
> versions of igmpproxy may be vulnerable to remote denial-of-service
> attacks across a LAN .
>
> For more information, see:
> - https://www.cve.org/CVERecord?id=CVE-2025-50681
> - https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.11.x. Thanks
> ---
> .../igmpproxy/0001-Fix-Buffer-Overflow.patch | 25 +++++++++++++++++++
> package/igmpproxy/igmpproxy.mk | 3 +++
> 2 files changed, 28 insertions(+)
> create mode 100644 package/igmpproxy/0001-Fix-Buffer-Overflow.patch
>
> diff --git a/package/igmpproxy/0001-Fix-Buffer-Overflow.patch b/package/igmpproxy/0001-Fix-Buffer-Overflow.patch
> new file mode 100644
> index 0000000000..b9f03386a8
> --- /dev/null
> +++ b/package/igmpproxy/0001-Fix-Buffer-Overflow.patch
> @@ -0,0 +1,25 @@
> +From 2b30c36e6ab5b21defb76ec6458ab7687984484c Mon Sep 17 00:00:00 2001
> +From: Jan Klemkow <j.klemkow@wemelug.de>
> +Date: Thu, 17 Apr 2025 19:02:16 +0200
> +Subject: [PATCH] Fix Buffer Overflow #97
> +
> +CVE: CVE-2025-50681
> +Upstream: https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
> +Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> +---
> + src/igmp.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/igmp.c b/src/igmp.c
> +index a80c4e58..838694ce 100644
> +--- a/src/igmp.c
> ++++ b/src/igmp.c
> +@@ -94,7 +94,7 @@ static const char *igmpPacketKind(unsigned int type, unsigned int code) {
> + case IGMP_V2_LEAVE_GROUP: return "Leave message ";
> +
> + default:
> +- sprintf(unknown, "unk: 0x%02x/0x%02x ", type, code);
> ++ snprintf(unknown, sizeof unknown, "unk: 0x%02x/0x%02x ", type, code);
> + return unknown;
> + }
> + }
> diff --git a/package/igmpproxy/igmpproxy.mk b/package/igmpproxy/igmpproxy.mk
> index f2c32939ff..d7d7691c8f 100644
> --- a/package/igmpproxy/igmpproxy.mk
> +++ b/package/igmpproxy/igmpproxy.mk
> @@ -13,4 +13,7 @@ IGMPPROXY_LICENSE_FILES = COPYING GPL.txt Stanford.txt
>
> IGMPPROXY_CPE_ID_VENDOR = pali
>
> +# 0001-Fix-Buffer-Overflow.patch
> +IGMPPROXY_IGNORE_CVES += CVE-2025-50681
> +
> $(eval $(autotools-package))
> --
> 2.53.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-06 19:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-26 8:06 [Buildroot] [PATCH] package/igmpproxy: add patch for CVE-2025-50681 Thomas Perale via buildroot
2026-02-26 20:10 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox