Vulnerability Description
A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flipperzero | Flipper Zero Firmware | < 0.65.2 |
| Flipperzero | Flipper Zero | - |
Related Weaknesses (CWE)
References
- https://github.com/flipperdevices/flipperzero-firmware/pull/1697ExploitIssue TrackingPatch
- https://vvx7.io/posts/2022/09/your-amiibos-haunted/ExploitThird Party Advisory
- https://github.com/flipperdevices/flipperzero-firmware/pull/1697ExploitIssue TrackingPatch
- https://vvx7.io/posts/2022/09/your-amiibos-haunted/ExploitThird Party Advisory
FAQ
What is CVE-2022-40363?
CVE-2022-40363 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.
How severe is CVE-2022-40363?
CVE-2022-40363 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40363?
Check the references section above for vendor advisories and patch information. Affected products include: Flipperzero Flipper Zero Firmware, Flipperzero Flipper Zero.