CVE-2025-50681
igmpproxy · igmpproxy Multiple Products
Executive summary
A high-severity vulnerability has been discovered in multiple versions of igmpproxy, a widely used multicast routing daemon. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted network packet, causing the service to crash and resulting in a denial-of-service condition. This can disrupt critical network services that rely on multicast traffic, such as IPTV and real-time data streaming.
Vulnerability
The vulnerability is a heap-based buffer overflow within the IGMP (Internet Group Management Protocol) packet parsing function of the igmpproxy daemon. An attacker can send a malformed IGMP packet to a vulnerable device, which the daemon fails to validate correctly. This leads to writing data beyond the allocated buffer, corrupting memory and causing the igmpproxy process to terminate, resulting in a denial-of-service. Exploitation requires no authentication and can be performed remotely by any attacker with network access to the affected service.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation would lead to a denial-of-service, directly impacting the availability of services dependent on multicast routing. For organizations using igmpproxy to facilitate services like IPTV, video conferencing, financial market data feeds, or other real-time streaming applications, an outage could result in significant business disruption, financial loss, and reputational damage. The primary risk is an immediate and complete loss of multicast-dependent services until the igmpproxy daemon is manually restarted.
Remediation
Immediate Action:
- Identify all network devices running a vulnerable version of the igmpproxy software.
- Apply the security updates or patches provided by the vendor immediately to remediate the vulnerability.
- After patching, restart the service and confirm that it is operating correctly and that the version has been successfully updated.
Proactive Monitoring:
- Monitor system logs for unexpected crashes or restarts of the igmpproxy process.
- Analyze network traffic for an unusual volume of IGMP packets or malformed packets targeting devices running igmpproxy.
- Implement alerts for service availability to detect outages of multicast-dependent applications promptly.
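One way to implement the log-monitoring item above, as an added example that is not part of the original advisory. It assumes a Linux host where igmpproxy runs as a systemd unit named `igmpproxy.service` (an assumption, as is the log layout); the sample lines are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from a real incident), laid out as
# "<ISO timestamp> <host> <program>[pid]: <message>".
SAMPLE_LOG = """\
2025-01-10T03:14:07 gw1 kernel: igmpproxy[812]: segfault at 7f3a1c002ff8 ip 000055d0c4a01b2e sp 00007ffd3c1a9e40 error 6 in igmpproxy[55d0c4a00000+a000]
2025-01-10T03:14:07 gw1 systemd[1]: igmpproxy.service: Main process exited, code=killed, status=11/SEGV
2025-01-10T03:14:09 gw1 systemd[1]: igmpproxy.service: Scheduled restart job, restart counter is at 1.
2025-01-10T03:15:30 gw1 systemd[1]: igmpproxy.service: Main process exited, code=killed, status=6/ABRT
2025-01-10T03:15:32 gw1 systemd[1]: igmpproxy.service: Scheduled restart job, restart counter is at 2.
2025-01-10T09:00:00 gw1 systemd[1]: igmpproxy.service: Main process exited, code=exited, status=0/SUCCESS
2025-01-10T09:00:01 gw1 sshd[900]: Accepted publickey for admin from 192.0.2.10
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
# systemd reports a signal-terminated main process as code=killed or code=dumped.
KILLED = re.compile(r"igmpproxy\.service: Main process exited, code=(?:killed|dumped), status=\d+/(\w+)")
# Kernel message emitted when a user process takes a fatal page fault.
SEGV = re.compile(r"igmpproxy\[\d+\]: segfault at ")

def crash_events(text):
    """Return (timestamp, host, kind) for every abnormal igmpproxy termination."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, host, prog, msg = m.groups()
        when = datetime.fromisoformat(ts)
        killed = KILLED.search(msg)
        if prog == "systemd" and killed:
            events.append((when, host, "exit:" + killed.group(1)))
        elif prog == "kernel" and SEGV.search(msg):
            events.append((when, host, "kernel-segfault"))
    return events

def repeated_crashes(events, window=timedelta(minutes=10), threshold=2):
    """Hosts with at least `threshold` signal-killed exits inside `window`."""
    per_host = {}
    for when, host, kind in sorted(events):
        if kind.startswith("exit:"):  # kernel lines corroborate, not counted twice
            per_host.setdefault(host, []).append(when)
    flagged = []
    for host, times in per_host.items():
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(host)
    return flagged
```

A single signal-killed exit is worth a ticket; repeated exits inside a short window on the same host are the pattern to page on, since automatic restarts otherwise hide them.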
Compensating Controls:
- If immediate patching is not feasible, implement strict firewall rules to restrict access to the igmpproxy service from untrusted networks or unauthorized IP addresses.
- Deploy an Intrusion Prevention System (IPS) with signatures designed to detect and block attempts to exploit this specific vulnerability.
- Ensure the service is configured to restart automatically upon failure to minimize the duration of a potential outage.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the high severity (CVSS 7.5) and the critical role igmpproxy plays in maintaining multicast network services, immediate patching is strongly recommended. Although this vulnerability is not currently listed on the CISA KEV catalog and no active exploitation has been observed, the low complexity of a potential attack creates a significant risk of service disruption. Organizations should prioritize the deployment of vendor-supplied updates to all affected systems to prevent potential outages.