CVE-2023-33222

Summary

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device

Affected Software

VendorProductVersion RangeStatus
IDEMIASIGMA Lite & Lite +0 < 4.15.5affected
IDEMIASIGMA Wide0 < 4.15.5affected
IDEMIASIGMA Extreme0 < 4.15.5affected
IDEMIAMorphoWave Compact/XP0 < 2.12.2affected
IDEMIAVisionPass0 < 2.12.2affected
IDEMIAMorphoWave SP0 < 1.2.7affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References