CVE-2023-33222
15.12.2023, 12:15
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted deviceEnginsight
| Vendor | Product | Version |
|---|---|---|
| idemia | sigma_lite_firmware | 𝑥 < 4.15.5 |
| idemia | sigma_lite\+_firmware | 𝑥 < 4.15.5 |
| idemia | sigma_extreme_firmware | 𝑥 < 4.15.5 |
| idemia | sigma_wide_firmware | 𝑥 < 4.15.5 |
| idemia | morphowave_compact_firmware | 𝑥 < 2.12.2 |
| idemia | morphowave_xp_firmware | 𝑥 < 2.12.2 |
| idemia | visionpass_firmware | 𝑥 < 2.12.2 |
| idemia | morphowave_sp_firmware | 𝑥 < 1.2.7 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.