CVE-2023-33221— Heap Buffer Overflow when reading DESFire card
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-33221
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap Buffer Overflow when reading DESFire card
Source: NVD (National Vulnerability Database)
Vulnerability Description
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress Plugin SIGMA Lite & Lite+ 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin SIGMA Lite & Lite+ 、SIGMA Wide、SIGMA Extreme、MorphoWave Compact/XP、VisionPass、MorphoWave SP存在安全漏洞,该漏洞源于在读取 DesFir
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IDEMIA | SIGMA Lite & Lite + | 0 ~ 4.15.5 | - | |
| IDEMIA | SIGMA Wide | 0 ~ 4.15.5 | - | |
| IDEMIA | SIGMA Extreme | 0 ~ 4.15.5 | - | |
| IDEMIA | MorphoWave Compact/XP | 0 ~ 2.12.2 | - | |
| IDEMIA | VisionPass | 0 ~ 2.12.2 | - | |
| IDEMIA | MorphoWave SP | 0 ~ 1.2.7 | - |
II. Public POCs for CVE-2023-33221
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-33221
请登录查看更多情报信息。
Same Patch Batch · IDEMIA · 2023-12-15 · 6 CVEs total
| CVE-2023-33222 | 6.8 MEDIUM | Stack buffer overflow when reading DESFire card |
| CVE-2023-33218 | 6.5 MEDIUM | Stack Buffer Overflow in a binary run at upgrade startup |
| CVE-2023-33219 | 6.5 MEDIUM | Stack Buffer Overflow when checking retrofit package |
| CVE-2023-33220 | 6.5 MEDIUM | Stack Buffer Overflow when checking some attributes during retrofit |
| CVE-2023-33217 | 4.9 MEDIUM | Missing integrity check on upgrade package |
IV. Related Vulnerabilities
Same product: SIGMA Lite & Lite +
- CVE-2023-33222
Stack buffer overflow when reading DESFire card - CVE-2023-33220
Stack Buffer Overflow when checking some attributes during r - CVE-2023-33219
Stack Buffer Overflow when checking retrofit package - CVE-2023-33218
Stack Buffer Overflow in a binary run at upgrade startup - CVE-2023-33217
Missing integrity check on upgrade package
Same vendor: IDEMIA
- CVE-2023-33222
Stack buffer overflow when reading DESFire card - CVE-2023-33220
Stack Buffer Overflow when checking some attributes during r - CVE-2023-33219
Stack Buffer Overflow when checking retrofit package - CVE-2023-33218
Stack Buffer Overflow in a binary run at upgrade startup - CVE-2023-33217
Missing integrity check on upgrade package
Same weakness: CWE-122
- CVE-2026-8261
Squirrel sqobject.cpp Load heap-based overflow - CVE-2026-8213
OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow - CVE-2026-8212
OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow - CVE-2026-42309
Pillow: Heap buffer overflow with nested list coordinates - CVE-2026-45130
Vim: Heap Buffer Overflow in spell file loading
V. Comments for CVE-2023-33221
No comments yet