19 matches found
EUVD-2023-60576
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
CVE-2023-7345
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
CVE-2023-7345
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
CVE-2023-7345 Ledger Live hw-app-eth EIP-712 Message Parsing Integer Truncation
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
CVE-2023-7345
Affected software: Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7. Root cause: Integer parsing vulnerability in EIP-712 message handling due to incorrect hexadecimal field parsing when values have an odd number of characters. Impact: Attackers could obtain signatures ...
CVE-2023-7345 Ledger Live hw-app-eth EIP-712 Message Parsing Integer Truncation
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
PT-2026-42019
Name of the Vulnerable Software and Affected Versions ledgerhq/hw-app-eth versions prior to 6.34.7 Description An integer parsing issue exists where incorrect hexadecimal field parsing occurs when values contain an odd number of characters. This allows attackers to manipulate EIP-712 typed data...
Ledger Live 代码问题漏洞
Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...
Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app?...
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
A convincing fake version of the popular Mac utility CleanMyMac is tricking users into installing malware. The site instructs visitors to paste a command into Terminal. If they do, it installs SHub Stealer, macOS malware designed to steal sensitive data including saved passwords, browser data,...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
EUVD-2020-4434
Malware in sbrugna...
Malicious code in ledger-live-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6181eb8571a997bee121a596d871f926f1b02d4e875a57d1a3fc9025338f7a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4272 Malicious code in ledger-live-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6181eb8571a997bee121a596d871f926f1b02d4e875a57d1a3fc9025338f7a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview ledger-live-assets is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
CVE-2020-12119
Ledger Live before version 2.7.0 is affected by an RBF handling flaw: unconfirmed Bitcoin transactions are credited to the user’s balance upon receipt and not deducted if canceled, enabling basic and amplified double-spending and potential DoS attacks without user consent. The vulnerability is do...