CVE-2021-38111

Vulnerability

The DEF CON 27 badge contains a buffer overflow vulnerability in the handling of NFMI (Near Field Magnetic Induction) protocol packets. The bug is triggered when an oversized packet is received, exceeding the allocated buffer size. The affected device is the official DEF CON 27 badge, which uses NFMI for short-range communication. No specific firmware version is disclosed, but the badge was distributed at DEF CON 27 in 2019 [2].

Exploitation

An attacker must be within NFMI range (typically a few centimeters) to send a crafted oversized packet. No authentication is required. The attacker transmits a malicious NFMI burst that exceeds the expected datagram length, causing a buffer overflow in the badge's firmware [2].

Impact

Successful exploitation leads to memory corruption, potentially allowing arbitrary code execution on the badge. The attacker gains full control over the device, which could be used to exfiltrate data, modify badge behavior, or pivot to other nearby devices [2].

Mitigation

No official fix or patch has been released for the DEF CON 27 badge. The vulnerability is inherent to the hardware/firmware and cannot be mitigated via software update. Users should be aware that the badge is vulnerable and avoid using it in untrusted environments [2].