CVE-2021-35522

critical

Description

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.

References

https://www.idemia.com

https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true

https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true

Details

Source: Mitre, NVD

Published: 2021-07-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03418