Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-33222— Stack buffer overflow when reading DESFire card

CVSS 6.8 · Medium EPSS 3.53% · P88
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-33222

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Stack buffer overflow when reading DESFire card
Source: NVD (National Vulnerability Database)
Vulnerability Description
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress Plugin SIGMA Lite & Lite+ 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin SIGMA Lite & Lite+、SIGMA Wide、SIGMA Extreme、MorphoWave Compact/XP、VisionPass、MorphoWave SP存在安全漏洞,该漏洞源于在处理非接触式卡时,使
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
IDEMIASIGMA Lite & Lite + 0 ~ 4.15.5 -
IDEMIASIGMA Wide 0 ~ 4.15.5 -
IDEMIASIGMA Extreme 0 ~ 4.15.5 -
IDEMIAMorphoWave Compact/XP 0 ~ 2.12.2 -
IDEMIAVisionPass 0 ~ 2.12.2 -
IDEMIAMorphoWave SP 0 ~ 1.2.7 -

II. Public POCs for CVE-2023-33222

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-33222

登录查看更多情报信息。

Same Patch Batch · IDEMIA · 2023-12-15 · 6 CVEs total

CVE-2023-332216.8 MEDIUM Heap Buffer Overflow when reading DESFire card
CVE-2023-332186.5 MEDIUMStack Buffer Overflow in a binary run at upgrade startup
CVE-2023-332196.5 MEDIUMStack Buffer Overflow when checking retrofit package
CVE-2023-332206.5 MEDIUMStack Buffer Overflow when checking some attributes during retrofit
CVE-2023-332174.9 MEDIUMMissing integrity check on upgrade package

IV. Related Vulnerabilities

Same product: SIGMA Lite & Lite +
Same vendor: IDEMIA
Same weakness: CWE-121

V. Comments for CVE-2023-33222

No comments yet

Leave a comment