CVE-2024-52296

6.5 MEDIUM

📋 TL;DR

This vulnerability in libosdp allows remote attackers to crash applications by sending specially crafted OSDP reply IDs. Any system using vulnerable versions of libosdp for physical access control or device communication is affected.

💻 Affected Systems

Products:
  • libosdp
Versions: All versions before 2.4.0
Operating Systems: All platforms using libosdp
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all implementations using the vulnerable osdp_reply_name function regardless of connection type.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case
Denial of service causing physical access control systems to become unresponsive, potentially locking or unlocking doors unexpectedly.

🟠 Likely Case
Application crash leading to temporary loss of OSDP device communication until the service is restarted.

🟢 If Mitigated
Minimal impact if systems are isolated from untrusted networks and use proper input validation.

🌐 Internet-Facing: MEDIUM - Requires OSDP protocol access but no authentication needed.
🏢 Internal Only: HIGH - Internal attackers or compromised devices can easily trigger the crash.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending OSDP packets with reply IDs between REPLY_ACK and REPLY_XRD that aren't defined in the names array.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.0

Vendor Advisory: https://github.com/goToMain/libosdp/security/advisories/GHSA-7945-5mcv-f2pp

Restart Required: Yes

Instructions:

  1. Update libosdp to version 2.4.0 or later.
  2. Recompile applications that link against libosdp.
  3. Restart affected services.

🔧 Temporary Workarounds

Input validation wrapper

Applies to: all

Add bounds checking before calling the osdp_reply_name function:

// C code example: reject reply IDs outside the defined range before the name lookup
if (reply_id < REPLY_ACK || reply_id > REPLY_XRD)
    return -1; /* error: out-of-range reply ID, do not call osdp_reply_name */
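The pattern the advisory describes, as an added illustration that is not libosdp's code: a constructed sparse reply-name table (the REPLY_* values and table contents are made up here, not libosdp's real ones), an unchecked lookup that hands back NULL for an in-range ID with no entry, and a hardened lookup that checks both the range and the table slot. Since the advisory says the crashing IDs lie between REPLY_ACK and REPLY_XRD, the range check in the workaround above does not by itself cover the case; the NULL check on the table slot is what closes it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed reply-ID values for illustration only; they are NOT libosdp's
 * real enum values. The hole at 0x42 mirrors the advisory's "IDs between
 * REPLY_ACK and REPLY_XRD that aren't defined in the names array". */
enum { REPLY_ACK = 0x40, REPLY_NAK = 0x41, REPLY_XRD = 0x43 };

/* Sparse name table: slot 0x42 is deliberately left NULL. */
static const char *const reply_names[] = {
    [REPLY_ACK] = "ACK",
    [REPLY_NAK] = "NAK",
    [REPLY_XRD] = "XRD",
};

/* The crash pattern: an in-range ID whose slot is empty yields NULL, and any
 * caller that prints or strlen()s the result dereferences a null pointer.
 * (Callers must already guarantee the range; no check is done here.) */
const char *reply_name_unchecked(int reply_id)
{
    return reply_names[reply_id];
}

/* Hardened lookup: reject IDs outside [REPLY_ACK, REPLY_XRD], then map empty
 * slots to a fixed fallback so the function can never return NULL. */
const char *reply_name_checked(int reply_id)
{
    if (reply_id < REPLY_ACK || reply_id > REPLY_XRD)
        return "INVALID";                 /* out-of-range ID */
    const char *name = reply_names[reply_id];
    return name ? name : "UNKNOWN";       /* in-range, but no table entry */
}

int main(void)
{
    const int probes[] = { REPLY_ACK, 0x42, REPLY_XRD, 0x7F, -1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("reply id %d -> %s\n", probes[i], reply_name_checked(probes[i]));
    /* Show the hole without dereferencing it. */
    printf("unchecked lookup of 0x42 returns %s\n",
           reply_name_unchecked(0x42) == NULL ? "NULL" : "a name");
    return 0;
}
```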

🧯 If You Can't Patch

  • Network segmentation: Isolate OSDP devices from untrusted networks
  • Implement rate limiting on OSDP traffic to reduce attack surface

🔍 How to Verify

Check if Vulnerable:

Check libosdp version: dpkg -l | grep libosdp or check linked library version in applications

Check Version:

pkg-config --modversion libosdp

Verify Fix Applied:

Verify version is 2.4.0 or higher and check commit 24409e98a260176765956ec766a04cb35984fab1 is present

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with null pointer dereference
  • OSDP service restarts

Network Indicators:

  • OSDP packets with reply IDs between 0x40 and 0x4F (estimated range)

SIEM Query:

(event_type:crash AND process_name:*osdp*) OR (protocol:osdp AND reply_id:[64 TO 79])
