CVE-2021-38111

Published: Aug 4, 2021Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.

Affected (1)

Products: Defcon: Def Con 27 Firmware

Defcon

1 product

Def Con 27 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Defcon Def Con 27 Firmware	All versions

Running on/with	Platform Versions
Defcon Def Con 27	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://defcon.org/html/defcon-29/dc-29-speakers.html#kintigh

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/skintigh/defcon27_badge_sdr

Source: cve@mitre.org

https://defcon.org/html/defcon-29/dc-29-speakers.html#kintigh

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/skintigh/defcon27_badge_sdr

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.