// For flags

CVE-2023-33222

Stack buffer overflow when reading DESFire card

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't
check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a
potential Remote Code Execution on the targeted device

Al manejar tarjetas sin contacto, se utiliza una función específica para obtener información adicional de la tarjeta que no verifica el límite de los datos recibidos durante la lectura. Esto permite un desbordamiento de búfer en la región stack de la memoria que podría provocar una posible ejecución remota de código en el dispositivo de destino.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-05-18 CVE Reserved
  • 2023-12-15 CVE Published
  • 2023-12-29 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
  • CAPEC-100: Overflow Buffers
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Idemia
Search vendor "Idemia"
Sigma Lite Firmware
Search vendor "Idemia" for product "Sigma Lite Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Lite Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Lite
Search vendor "Idemia" for product "Sigma Lite"
--
Safe
Idemia
Search vendor "Idemia"
Sigma Lite\+ Firmware
Search vendor "Idemia" for product "Sigma Lite\+ Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Lite\+ Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Lite\+
Search vendor "Idemia" for product "Sigma Lite\+"
--
Safe
Idemia
Search vendor "Idemia"
Sigma Extreme Firmware
Search vendor "Idemia" for product "Sigma Extreme Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Extreme Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Extreme
Search vendor "Idemia" for product "Sigma Extreme"
--
Safe
Idemia
Search vendor "Idemia"
Sigma Wide Firmware
Search vendor "Idemia" for product "Sigma Wide Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Wide Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Wide
Search vendor "Idemia" for product "Sigma Wide"
--
Safe
Idemia
Search vendor "Idemia"
Morphowave Compact Firmware
Search vendor "Idemia" for product "Morphowave Compact Firmware"
< 2.12.2
Search vendor "Idemia" for product "Morphowave Compact Firmware" and version " < 2.12.2"
-
Affected
in Idemia
Search vendor "Idemia"
Morphowave Compact
Search vendor "Idemia" for product "Morphowave Compact"
--
Safe
Idemia
Search vendor "Idemia"
Morphowave Xp Firmware
Search vendor "Idemia" for product "Morphowave Xp Firmware"
< 2.12.2
Search vendor "Idemia" for product "Morphowave Xp Firmware" and version " < 2.12.2"
-
Affected
in Idemia
Search vendor "Idemia"
Morphowave Xp
Search vendor "Idemia" for product "Morphowave Xp"
--
Safe
Idemia
Search vendor "Idemia"
Visionpass Firmware
Search vendor "Idemia" for product "Visionpass Firmware"
< 2.12.2
Search vendor "Idemia" for product "Visionpass Firmware" and version " < 2.12.2"
-
Affected
in Idemia
Search vendor "Idemia"
Visionpass
Search vendor "Idemia" for product "Visionpass"
--
Safe
Idemia
Search vendor "Idemia"
Morphowave Sp Firmware
Search vendor "Idemia" for product "Morphowave Sp Firmware"
< 1.2.7
Search vendor "Idemia" for product "Morphowave Sp Firmware" and version " < 1.2.7"
-
Affected
in Idemia
Search vendor "Idemia"
Morphowave Sp
Search vendor "Idemia" for product "Morphowave Sp"
--
Safe