9.8
CVE-2023-33221
- EPSS 1.03%
- Published 15.12.2023 12:15:43
- Last modified 21.11.2024 08:05:10
- Source a87f365f-9d39-4848-9b3a-58c7ca
Heap Buffer Overflow when reading DESFire card
When reading DESFire keys, the function that reads the card does not properly check boundaries when internally copying the received data. This allows a heap-based buffer overflow that could lead to Remote Code Execution on the targeted device. This is especially problematic if you use the default DESFire key.
Data provided by the National Vulnerability Database (NVD)
Idemia ≫ Sigma Lite Firmware Version < 4.15.5
Idemia ≫ Sigma Lite+ Firmware Version < 4.15.5
Idemia ≫ Sigma Extreme Firmware Version < 4.15.5
Idemia ≫ Sigma Wide Firmware Version < 4.15.5
Idemia ≫ Morphowave Compact Firmware Version < 2.12.2
Idemia ≫ Morphowave Xp Firmware Version < 2.12.2
Idemia ≫ Visionpass Firmware Version < 2.12.2
Idemia ≫ Morphowave Sp Firmware Version < 1.2.7
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.592 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| a87f365f-9d39-4848-9b3a-58c7cae69cab | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf