GSD-2023-33222
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't
check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a
potential Remote Code Execution on the targeted device
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-33222",
"id": "GSD-2023-33222"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-33222"
],
"details": "\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n",
"id": "GSD-2023-33222",
"modified": "2023-12-13T01:20:36.822452Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@idemia.com",
"ID": "CVE-2023-33222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIGMA Lite \u0026 Lite +",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "4.15.5"
}
]
}
},
{
"product_name": "SIGMA Wide",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "4.15.5"
}
]
}
},
{
"product_name": "SIGMA Extreme",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "4.15.5"
}
]
}
},
{
"product_name": "MorphoWave Compact/XP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "2.12.2"
}
]
}
},
{
"product_name": "VisionPass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "2.12.2"
}
]
}
},
{
"product_name": "MorphoWave SP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "1.2.7"
}
]
}
}
]
},
"vendor_name": "IDEMIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-121",
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf",
"refsource": "MISC",
"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2",
"versionEndExcluding": "4.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D",
"versionEndExcluding": "4.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A",
"versionEndExcluding": "4.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B",
"versionEndExcluding": "4.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A",
"versionEndExcluding": "2.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F",
"versionEndExcluding": "2.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96",
"versionEndExcluding": "2.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE",
"versionEndExcluding": "1.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Al manejar tarjetas sin contacto, se utiliza una funci\u00f3n espec\u00edfica para obtener informaci\u00f3n adicional de la tarjeta que no verifica el l\u00edmite de los datos recibidos durante la lectura. Esto permite un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria que podr\u00eda provocar una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino."
}
],
"id": "CVE-2023-33222",
"lastModified": "2023-12-28T14:58:34.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
"type": "Secondary"
}
]
},
"published": "2023-12-15T12:15:44.130",
"references": [
{
"source": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
"tags": [
"Vendor Advisory"
],
"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
}
],
"sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…