PT-2025-52453 · Igmpproxy+1 · Igmpproxy+1

Miora-Sora · Published 2025-12-19 · Updated 2025-12-19 · CVE-2025-50681

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

igmpproxy versions prior to commit 2b30c36

Description

A crafted IGMPv3 membership report packet with a malicious source address can cause a denial of service (application crash). Insufficient validation in the recv_igmp() function in src/igmpproxy.c allows an invalid group record type to trigger a NULL pointer dereference when logging the address using inet_fmtsrc(). This can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. The software is used in embedded networking environments and consumer-grade IoT devices to handle multicast traffic.

Recommendations

Update to a version after commit 2b30c36.
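
The description attributes the crash to an IGMPv3 group record type that is not validated before the packet is handled and logged. As an added example (not igmpproxy's code and not the change in commit 2b30c36), the C routine below walks a membership report laid out per RFC 3376 and rejects unknown record types and truncated records before anything else touches the packet. The function, enum and sample names are hypothetical, the sample packets are constructed, and the IGMP checksum is not verified here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; report layout follows RFC 3376 section 4.2. */
enum igmp_check { IGMP_OK, IGMP_TRUNCATED, IGMP_NOT_V3_REPORT, IGMP_BAD_RECORD_TYPE };

#define IGMP_V3_MEMBERSHIP_REPORT 0x22
#define REPORT_HDR_LEN 8   /* type, reserved, checksum, reserved, record count */
#define RECORD_HDR_LEN 8   /* type, aux len, source count, group address */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate every group record up front, so later code (including logging)
 * only ever sees record types 1..6 and fully present source lists. */
enum igmp_check igmpv3_report_check(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < REPORT_HDR_LEN) return IGMP_TRUNCATED;
    if (buf[0] != IGMP_V3_MEMBERSHIP_REPORT) return IGMP_NOT_V3_REPORT;

    uint16_t nrec = rd16(buf + 6);
    size_t off = REPORT_HDR_LEN;                 /* invariant: off <= len */
    for (uint16_t i = 0; i < nrec; i++) {
        if (len - off < RECORD_HDR_LEN) return IGMP_TRUNCATED;
        uint8_t type = buf[off];
        /* 1 MODE_IS_INCLUDE .. 6 BLOCK_OLD_SOURCES are the only defined types */
        if (type < 1 || type > 6) return IGMP_BAD_RECORD_TYPE;
        size_t aux  = (size_t)buf[off + 1] * 4;        /* aux data, 32-bit words */
        size_t srcs = (size_t)rd16(buf + off + 2) * 4; /* IPv4 source addresses */
        size_t rec_len = RECORD_HDR_LEN + srcs + aux;
        if (len - off < rec_len) return IGMP_TRUNCATED;
        off += rec_len;
    }
    return IGMP_OK;
}

/* Constructed sample packets: one record each, group 239.1.2.3, checksum zeroed. */
static const uint8_t sample_ok[]       = {0x22,0,0,0, 0,0,0,1, 0x04,0,0,0, 239,1,2,3};
static const uint8_t sample_bad_type[] = {0x22,0,0,0, 0,0,0,1, 0x09,0,0,0, 239,1,2,3};
static const uint8_t sample_short[]    = {0x22,0,0,0, 0,0,0,1, 0x04,0,0,1, 239,1,2,3};

int main(void)
{
    printf("ok=%d bad_type=%d short=%d\n",
           igmpv3_report_check(sample_ok, sizeof sample_ok),
           igmpv3_report_check(sample_bad_type, sizeof sample_bad_type),
           igmpv3_report_check(sample_short, sizeof sample_short));
    return 0;
}
```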

Exploit · Fix · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2025-50681

Affected Products: Debian, Igmpproxy