Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
CPE | Name | Operator | Version |
---|---|---|---|
keepkey_firmware | ge | 7.0.3 | |
keepkey_firmware | lt | 7.1.0 |