Lucene search

IDEMIACVELIST:CVE-2023-33221

HistoryDec 15, 2023 - 11:32 a.m.

CVE-2023-33221 Heap Buffer Overflow when reading DESFire card

2023-12-1511:32:48

CWE-122

IDEMIA

www.cve.org

cve-2023-33221

desfire keys

boundary checking

heap based buffer overflow

remote code execution

default desfire key

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

When reading DesFire keys, the function that reads the card isn’t properly checking the boundaries when copying
internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code
Execution on the targeted device. This is especially problematic if you use Default DESFire key.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Lite & Lite +",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Wide",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Extreme",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MorphoWave Compact/XP",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VisionPass",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MorphoWave SP",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "1.2.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Related for CVELIST:CVE-2023-33221