Heap-based Buffer Overflow in DesFire Key Reading Function

Heap-based Buffer Overflow in DesFire Key Reading Function

CVE-2023-33221 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.

Learn more about our Internal Network Penetration Testing.