{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T02:28:05.304","vulnerabilities":[{"cve":{"id":"CVE-2023-33221","sourceIdentifier":"a87f365f-9d39-4848-9b3a-58c7cae69cab","published":"2023-12-15T12:15:43.927","lastModified":"2024-11-21T08:05:10.097","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When reading DESFire keys, the function that reads the card does not properly check boundaries when internally copying the received data. This allows a heap-based buffer overflow that could lead to remote code execution on the targeted device. This is especially problematic if the default DESFire key is in use."},{"lang":"es","value":"Al leer las claves de DesFire, la función que lee la tarjeta no verifica correctamente los límites al copiar internamente los datos recibidos. Esto permite un desbordamiento de búfer de almacenamiento dinámico que podría conducir a una posible ejecución remota de código en el dispositivo de destino. 
Esto es especialmente problemático si utiliza la clave DESFire predeterminada."}],"metrics":{"cvssMetricV31":[{"source":"a87f365f-9d39-4848-9b3a-58c7cae69cab","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"a87f365f-9d39-4848-9b3a-58c7cae69cab","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"983A7DAD-1995-4A8A-8714-D47D4E90ABF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*","matchCriteriaId":"E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"A2582E12-D19F-4660-A98C-6941C8C9081D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:id
emia:sigma_lite\\+:-:*:*:*:*:*:*:*","matchCriteriaId":"2BB49653-25EA-4F69-A1B7-0ACA58F85FF1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"865DE0C9-5384-45BD-AF81-5C416FCB962A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*","matchCriteriaId":"4FB05B6D-7D4C-4148-A05A-751B272B0E25"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"8E2D74C2-6C83-4111-B410-E81C7414309B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*","matchCriteriaId":"BE86F813-6021-4FEB-86A9-B7013EEB4416"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.12.2","matchCriteriaId":"8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*","matchCriteriaId":"B36E662E-C713-47E5-B07E-F0D9F1C63E9D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.12.2","matchCriteriaId":"AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*","matchCriteriaId":"2FA7252B-5871-4A13-B41D-752A5EA276F1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*
","versionEndExcluding":"2.12.2","matchCriteriaId":"1ED8DCF7-F85C-4513-BF69-5FE2D7185A96"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*","matchCriteriaId":"CDABE653-294E-478C-B458-F9A1206A0E7E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.7","matchCriteriaId":"BF554F0F-8E5D-40A2-A676-8984AB685CEE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*","matchCriteriaId":"AFD369B0-119B-497B-9353-AB5E5E267FF9"}]}]}],"references":[{"url":"https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf","source":"a87f365f-9d39-4848-9b3a-58c7cae69cab","tags":["Vendor Advisory"]},{"url":"https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}