Описание
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
Ссылки
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Vendor Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.0.3 (включая) до 7.1.0 (исключая)
Одновременно
cpe:2.3:o:shapeshift:keepkey_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:shapeshift:keepkey:-:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02202
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
EPSS
Процентиль: 84%
0.02202
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787