libosdp@2.4.0 vulnerabilities

Library implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol)

Direct Vulnerabilities

Known vulnerabilities in the libosdp package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Improper Input Validation

libosdp is a library implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol).

Affected versions of this package are vulnerable to Improper Input Validation in the osdp_phy.c and osdp_cp.c components.

An attacker with Man-In-The-Middle (MITM) access to the communication can intercept the original RMAC_I reply and save it. As the session continues, the attacker records all replies until capturing the message to be replayed. The attacker then stops resetting the connection, waits for a signal to perform the replay of the PD to CP message, and crafts a specific RMAC_I message in the proper sequence of execution, which results in reverting the RMAC to the beginning of the session. At this phase, the attacker can replay all the messages from the beginning of the session.
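The sequencing check whose absence makes this rewind possible, as an added illustration (a simplified model, not libosdp's code or its actual patch). The struct, handler names and sample MAC bytes are hypothetical; the code values for CMD_POLL, CMD_SCRYPT and REPLY_RMAC_I are those of the OSDP specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* OSDP codes: CMD_SCRYPT is the command that REPLY_RMAC_I answers. */
#define CMD_POLL     0x60
#define CMD_SCRYPT   0x77
#define REPLY_RMAC_I 0x78

/* Hypothetical, simplified CP-side session state (not libosdp's structs). */
struct cp_session {
    bool    sc_active;   /* secure channel established */
    uint8_t last_cmd;    /* command the CP is awaiting a reply to */
    uint8_t r_mac[16];   /* rolling reply MAC */
};
typedef bool (*reply_handler)(struct cp_session *, uint8_t, const uint8_t *);

/* Weak model: any RMAC_I reply re-seeds the rolling MAC. */
bool handle_reply_unchecked(struct cp_session *s, uint8_t reply, const uint8_t *data)
{
    if (reply == REPLY_RMAC_I) {
        memcpy(s->r_mac, data, sizeof s->r_mac);
        s->sc_active = true;
    }
    return true;
}

/* Hardened: RMAC_I only as the answer to CMD_SCRYPT, never mid-session. */
bool handle_reply_checked(struct cp_session *s, uint8_t reply, const uint8_t *data)
{
    if (reply == REPLY_RMAC_I && (s->sc_active || s->last_cmd != CMD_SCRYPT))
        return false;                       /* rejected, r_mac untouched */
    return handle_reply_unchecked(s, reply, data);
}

/* Returns 1 if an RMAC_I seen again mid-session rewinds r_mac. */
int rmac_rewound(reply_handler handle)
{
    uint8_t initial[16], later[16];         /* constructed sample MACs */
    memset(initial, 0xA1, sizeof initial);
    memset(later, 0xB2, sizeof later);
    struct cp_session s = { .last_cmd = CMD_SCRYPT };
    handle(&s, REPLY_RMAC_I, initial);      /* legitimate handshake reply */
    memcpy(s.r_mac, later, sizeof later);   /* MAC has rolled forward */
    s.last_cmd = CMD_POLL;
    handle(&s, REPLY_RMAC_I, initial);      /* same reply, out of sequence */
    return memcmp(s.r_mac, initial, sizeof initial) == 0;
}

int main(void) { return rmac_rewound(handle_reply_checked); }
```

In this model a CP that starts a new handshake would clear sc_active itself before sending CMD_SCRYPT, so a legitimate re-key still passes the check.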

How to fix Improper Input Validation?

Upgrade libosdp to version 3.0.0 or higher.

Vulnerable versions: [,3.0.0)