Stack overflow

2023-12-1512:15:00

PRIOn knowledge base

www.prio-n.com

retrofit validation buffer overflow

remote code execution

nvd

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

The handler of the retrofit validation command doesn’t properly check the boundaries when performing certain validation
operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the
targeted device

CPENameOperatorVersion
morphowave_compact_firmwarelt2.12.2
morphowave_sp_firmwarelt1.2.7
morphowave_xp_firmwarelt2.12.2
sigma_extreme_firmwarelt4.15.5
sigma_lite\\+_firmwarelt4.15.5
sigma_lite_firmwarelt4.15.5
sigma_wide_firmwarelt4.15.5
visionpass_firmwarelt2.12.2

Name	Operator	Version
morphowave_compact_firmware	lt	2.12.2
morphowave_sp_firmware	lt	1.2.7
morphowave_xp_firmware	lt	2.12.2
sigma_extreme_firmware	lt	4.15.5
sigma_lite\\+_firmware	lt	4.15.5
sigma_lite_firmware	lt	4.15.5
sigma_wide_firmware	lt	4.15.5
visionpass_firmware	lt	2.12.2

References

www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf