CVE-2023-33221

Summary

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.

Affected Software

VendorProductVersion RangeStatus
IDEMIASIGMA Lite & Lite +0 < 4.15.5affected
IDEMIASIGMA Wide0 < 4.15.5affected
IDEMIASIGMA Extreme0 < 4.15.5affected
IDEMIAMorphoWave Compact/XP0 < 2.12.2affected
IDEMIAVisionPass0 < 2.12.2affected
IDEMIAMorphoWave SP0 < 1.2.7affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References