CVE-2023-33222

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue arises when handling contactless cards, specifically due to the usage of a function that does not check the boundary on the data received while reading. This oversight allows a stack-based buffer overflow, potentially leading to Remote Code Execution on the targeted device. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

CVE-2023-33222

Affected Products

Morphowave Compact/Xp

Morphowave Sp

Sigma Extreme

Sigma Lite & Lite +

Sigma Wide

Visionpass

Morphowave Compact Firmware

Morphowave Xp Firmware

Sigma Extreme Firmware

Sigma Lite Firmware

Sigma Wide Firmware

Visionpass Firmware

CVE-2023-33222

Weakness Enumeration

Related Identifiers

Affected Products

References · 5