CVE-2024-52296

Published: Nov 12, 2024

Modified: Nov 19, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the range. On a case of an undefined reply id within the range, name will be null (name = names[reply_id - REPLY_ACK];). Null name will casue a crash on next line: if (name[0] == '\0') as null[0] is invalid. As this logic is not limited to a secure connection, attacker may trigger this vulnerability without any prior knowledge. This issue is fixed in 2.4.0.

Vendor	Product	Versions
goToMain	libosdp	affected `< 2.4.0`

Weaknesses (CWE)

CWE-476

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/goToMain/libosdp/security/advisories/GHSA-7945-5mcv-f2pp

x_refsource_CONFIRM

https://github.com/goToMain/libosdp/commit/24409e98a260176765956ec766a04cb35984fab1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-52296

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References