Impact
The RAOP module in PipeWire accepts unbounded Content-Length values and does not check the return value of pw_array_add(), leading to a null pointer dereference. This flaw causes a denial of service in PipeWire. The weakness is classified as CWE-476 (NULL Pointer Dereference).
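The pattern described above, as an added example that is not PipeWire's own code: `struct buf`, `buf_add()`, `reserve_body()` and the 64 KiB `MAX_CONTENT_LENGTH` are hypothetical stand-ins, with `buf_add()` mimicking the contract of `pw_array_add()` (NULL on allocation failure). It shows the two checks this class of bug calls for: bound the peer-declared length, and test the returned pointer before using it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap for this sketch; not a value taken from PipeWire. */
#define MAX_CONTENT_LENGTH (64u * 1024u)

/* Minimal growable buffer standing in for struct pw_array. */
struct buf { char *data; size_t size, alloc; };

/* Stand-in for pw_array_add(): reserve n bytes at the end of the buffer and
 * return a pointer to them, or NULL when the buffer cannot grow. */
static void *buf_add(struct buf *b, size_t n)
{
    if (n > SIZE_MAX - b->size) return NULL;   /* size arithmetic would wrap */
    if (b->size + n > b->alloc) {
        char *p = realloc(b->data, b->size + n);
        if (p == NULL) return NULL;            /* allocation failed */
        b->data = p;
        b->alloc = b->size + n;
    }
    b->size += n;
    return b->data + b->size - n;
}

/* Returns 0 on success, -EINVAL (malformed), -EMSGSIZE (over cap), -ENOMEM. */
static int reserve_body(struct buf *b, const char *content_length)
{
    char *end;
    errno = 0;
    unsigned long long len = strtoull(content_length, &end, 10);
    if (errno != 0 || end == content_length || *end != '\0' || content_length[0] == '-')
        return -EINVAL;
    if (len > MAX_CONTENT_LENGTH) return -EMSGSIZE;  /* bound the declared length */
    if (len == 0) return 0;                          /* nothing to reserve */
    void *dst = buf_add(b, (size_t)len);
    if (dst == NULL) return -ENOMEM;                 /* never use an unchecked result */
    memset(dst, 0, (size_t)len);                     /* dst is known to be non-NULL here */
    return 0;
}

int main(void)
{
    struct buf b = {0};
    printf("%d %d\n", reserve_body(&b, "128"), reserve_body(&b, "99999999999"));
    free(b.data);
    return 0;
}
```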
Affected Systems
The vulnerability applies to Red Hat Enterprise Linux 8, 9, and 10 systems that include PipeWire’s RAOP modules for AirPlay streaming. The affected modules are module-raop-discover and module-raop-sink.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity, and no EPSS score is available. The vulnerability is not listed in CISA’s KEV catalog, implying limited public exploitation data. The CVE description does not explicitly state the attack vector, but the flaw involves the RAOP module accepting unbounded Content-Length values, which may lead to a null pointer dereference.