62 matches found

CVE
added 2023/05/02 12:0 a.m. · 41 views

CVE-2023-27892

CVE-2023-27892 affects ShapeShift KeepKey hardware wallet firmware prior to 7.7.0. It stems from insufficient length checks that allow a global buffer overflow via crafted messages. The issue involves flaws in cf_confirmExecTx() within ethereum_contracts.c, which can reveal arbitrary microcontrol...

CVSS 5.7 · AI score 5.7 · EPSS 0.00192
Exploits 1 · References 2 · Affected Software 1

OSV
added 2022/05/07 4:15 a.m. · 2 views

CVE-2022-30330

In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

CVSS 6.6 · AI score 5.6 · EPSS 0.0007
Exploits 1 · References 3

NVD
added 2022/05/07 4:15 a.m. · 9 views

CVE-2022-30330

In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

CVSS 6.9 · EPSS 0.0007
Exploits 1 · References 3

ATTACKERKB
added 2022/05/07 4:15 a.m. · 2 views

CVE-2022-30330

In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

CVSS 6.9 · AI score 6.7 · EPSS 0.0007
Exploits 1 · References 4

Prion
added 2022/05/07 4:15 a.m. · 15 views

Design/Logic Flaw

In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

CVSS 6.9 · AI score 6.6 · EPSS 0.0007
Exploits 1 · References 3 · Affected Software 1

CVE
added 2022/05/07 3:25 a.m. · 72 views

CVE-2022-30330

KeepKey firmware prior to 7.3.2 is affected. The issue stems from flaws in the supervisor interface, specifically improper handling of the svhandler_flash_* address range checks in lib/board/supervise.c, which can allow malicious firmware to bypass firmware-operation restrictions, elevate privile...

CVSS 6.9 · AI score 6.6 · EPSS 0.0007
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2022/05/07 3:25 a.m. · 15 views

CVE-2022-30330

In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

AI score 6.8 · EPSS 0.0007
Exploits 1 · References 3

CNNVD
added 2022/05/07 12:0 a.m. · 0 views

KeepKey firmware input validation error vulnerability

KeepKey firmware is an open source KeepKey device firmware from KeepKey USA. A security vulnerability exists in KeepKey versions prior to 7.3.2, which stems from lib/board/supervise.c incorrectly handling the svhandler_flash_* address range check...

CVSS 6.9 · AI score 6.6 · EPSS 0.0007
Exploits 1 · References 4

Positive Technologies
added 2022/05/07 12:0 a.m. · 3 views

PT-2022-20066 · Keepkey · Keepkey

Name of the Vulnerable Software and Affected Versions: KeepKey firmware versions prior to 7.3.2
Description: The issue is related to flaws in the supervisor interface of the KeepKey firmware, which can be exploited to bypass security restrictions on firmware operations. This can allow malicious...

CVSS 6.9 · AI score 6.4 · EPSS 0.0007
Exploits 1 · References 9

OSV
added 2021/05/06 1:15 p.m. · 3 views

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

CVSS 8.8 · AI score 6.1 · EPSS 0.02202
Exploits 1 · References 4

NVD
added 2021/05/06 1:15 p.m. · 9 views

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

CVSS 8.8 · EPSS 0.02202
Exploits 1 · References 4

Prion
added 2021/05/06 1:15 p.m. · 11 views

Stack overflow

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

CVSS 6.8 · AI score 8.9 · EPSS 0.02202
Exploits 1 · References 4 · Affected Software 1

CVE
added 2021/05/06 11:1 a.m. · 39 views

CVE-2021-31616

CVE-2021-31616 affects ShapeShift KeepKey hardware wallet firmware prior to 7.1.0. The issue is a stack buffer overflow caused by insufficient length checks in the ethereum_extractThorchainSwapData() function within ethereum.c, which can be triggered by crafted messages and is reachable remotely ...

CVSS 8.8 · AI score 8.9 · EPSS 0.02202
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2021/05/06 11:1 a.m. · 13 views

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

AI score 9.2 · EPSS 0.02202
Exploits 1 · References 4

CNNVD
added 2021/05/06 12:0 a.m. · 5 views

ShapeShift KeepKey buffer error vulnerability

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. A security vulnerability exists in ShapeShift KeepKey hardware wallet firmware versions prior to 7.1.0 that allows an attacker to cause a stack buffer overflow via a crafted message, which could lead to code execution...

CVSS 8.8 · AI score 8.4 · EPSS 0.02202
Exploits 1 · References 4

The Hacker News
added 2020/04/15 10:40 a.m. · 2 views

49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified fi...

AI score 5.9
Exploits 0

The Hacker News
added 2020/04/15 10:40 a.m. · 68 views

49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified fi...

AI score 0.1
Exploits 0

CNVD
added 2019/12/09 12:0 a.m. · 3 views

Unspecified vulnerability in ShapeShift KeepKey finite state machine

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. An unspecified vulnerability exists in the ShapeShift KeepKey finite state machine, which stems from the program not being sufficiently authenticated. The vulnerability can be exploited to reset a portion of the encryption key t...

CVSS 7.5 · AI score 6.8 · EPSS 0.00477
Exploits 0 · References 1

CNVD
added 2019/12/09 12:0 a.m. · 2 views

ShapeShift KeepKey Buffer Overflow Vulnerability

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. ShapeShift KeepKey suffers from a buffer overflow vulnerability. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...

CVSS 10 · AI score 7.3 · EPSS 0.05931
Exploits 0 · References 1

OSV
added 2019/12/06 6:15 p.m. · 3 views

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

CVSS 7.5 · AI score 5.6 · EPSS 0.00477
Exploits 0 · References 4