Unrated severityNVD Advisory· Published Dec 15, 2023· Updated Aug 2, 2024

Heap Buffer Overflow when reading DESFire card

CVE-2023-33221

Description

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.

Affected products

Idemia/Morpho Wave Compactcpe-rescue
Range: 0
IDEMIA/MorphoWave SPv5
Range: 0
IDEMIA/SIGMA Extremev5
Range: 0
IDEMIA/SIGMA Lite & Lite +v5
Range: 0
IDEMIA/SIGMA Widev5
Range: 0
Idemia/VisionPasscpe-rescue
Range: 0

Patches

Vulnerability mechanics

References

www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000