33 matches found
CVE-2023-7345 Ledger Live hw-app-eth EIP-712 Message Parsing Integer Truncation
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
CVE-2025-69893
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
EUVD-2019-8388
Malware in sbrugna...
EUVD-2021-18505
Malware in sbrugna...
Brave Desktop 1.82.170 Security Fixes
Enhanced validation for hardware wallet bridge communication as reported on HackerOne by oblivionsage. Upgraded Chromium to 140.0.7339.186 — refer to Google Chrome advisories for inherited CVEs...
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...
CVE-2022-30330
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...
Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishi...
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...
PT-2023-21399 · Shapeshift · Keepkey
Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey hardware wallet versions prior to 7.7.0 Description: The issue is related to insufficient length checks in the firmware, allowing a global buffer overflow via crafted messages. Flaws in the cf confirmExecTx function in...
CVE-2023-27892
CVE-2023-27892 affects ShapeShift KeepKey hardware wallet firmware prior to 7.7.0. It stems from insufficient length checks that allow a global buffer overflow via crafted messages. The issue involves flaws in cf_confirmExecTx() within ethereum_contracts.c, which can reveal arbitrary microcontrol...
ShapeShift KeepKey 缓冲区错误漏洞
ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. A security vulnerability exists in ShapeShift KeepKey versions prior to 7.7.0 that stems from insufficient length checking, allowing an attacker to extract the BIP39 mnemonic from a hardware wallet via a crafted message that...
CVE-2022-30330
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...
CVE-2022-30330
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...
CVE-2022-30330
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...
CVE-2022-30330
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...
GSD-2022-1000069 Hardware glitching attack in Trezor One Hardware Wallet version Unknown
The Trezor Hardware Wallet One based on the ARM Cortex-M3-based STM32 F2 uses the RDP2 security level by default in SDP2 RAM cannot be copied, but the security can be downgraded to RDP1 where the contents of memory can be copied via glitch injection during device power on. Please note although th...