Lucene search

MitreCVELIST:CVE-2023-27892

HistoryMay 02, 2023 - 12:00 a.m.

CVE-2023-27892

2023-05-0200:00:00

mitre

www.cve.org

shapeshift keepkey

buffer overflow

memory reveal

bip39 mnemonic

firmware

hardware wallet

insufficient length checks

physical access

3.8 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet.

References

blog.inhq.net/posts/keepkey-CVE-2023-27892/

github.com/keepkey/keepkey-firmware/pull/337

3.8 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for CVELIST:CVE-2023-27892