LibOSDP vulnerable to a null pointer deref in osdp_reply_name

Issue: At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range. On a case of an undefined reply id within the range, name will be null name = namesreplyid - REPLYACK;. Null name will casue a crash on next...

PT-2024-35154 · Libosdp · Libosdp

Name of the Vulnerable Software and Affected Versions: libosdp versions prior to 3.0.0 Description: The issue allows an attacker with MITM access to the communication to intercept and save the original RMAC I reply. The attacker can then record all replies and save them until capturing the messag...

bigbang (>=0.0.6 <=0.0.9), bruteforus (=0.1.0) +8 more potentially affected by CVE-2020-36463 via multiqueue (=0.3.2)

multiqueue CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on multiqueue and may be impacted: - bigbang =0.0.6, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.1.6, =0.2.0, =0.5.0 Source cves: CVE-2020-36463 Source advisory:...

bigbang (>=0.0.6 <=0.0.9), bruteforus (=0.1.0) +8 more potentially affected by CVE-2020-36463 via multiqueue (=0.3.2)

multiqueue CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on multiqueue and may be impacted: - bigbang =0.0.6, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.1.6, =0.2.0, =0.5.0 Source cves: CVE-2020-36463 Source advisory:...