CVE-2024-52296

Name of the Vulnerable Software and Affected Versions libosdp versions prior to 2.4.0

Description The issue arises from a null pointer dereference in the osdp reply name function at ospd common.c. Any reply id between REPLY ACK and REPLY XRD is considered valid, but the names array does not declare all of the range. If an undefined reply id within the range is encountered, the name will be null, causing a crash on the next line when checking if (name[0] == '0'). This logic is not limited to a secure connection, allowing an attacker to trigger this issue without prior knowledge. The impact of this issue is a Denial of Service.

Recommendations For libosdp versions prior to 2.4.0, upgrade to version 2.4.0 to fix the issue. As a temporary workaround, consider restricting access to the osdp reply name function until the patch is applied. Avoid using undefined reply ids within the range of REPLY ACK and REPLY XRD to minimize the risk of exploitation.