CVE-2019-18671

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

EUVD-2021-18505

Malware in sbrugna...

EUVD-2019-8388

Malware in sbrugna...

EUVD-2019-8387

Malware in sbrugna...

EUVD-2023-31626

Malicious code in bioql PyPI...

CVE-2019-14355

On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be abl...

CVE-2023-27892

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...

Buffer overflow

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...

CVE-2023-27892

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cfconfirmExecTx in ethereumcontracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...

PT-2023-21399 · Shapeshift · Keepkey

Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey hardware wallet versions prior to 7.7.0 Description: The issue is related to insufficient length checks in the firmware, allowing a global buffer overflow via crafted messages. Flaws in the cf confirmExecTx function in...

ShapeShift KeepKey 缓冲区错误漏洞

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. A security vulnerability exists in ShapeShift KeepKey versions prior to 7.7.0 that stems from insufficient length checking, allowing an attacker to extract the BIP39 mnemonic from a hardware wallet via a crafted message that...

CVE-2023-27892

CVE-2023-27892 affects ShapeShift KeepKey hardware wallet firmware prior to 7.7.0. It stems from insufficient length checks that allow a global buffer overflow via crafted messages. The issue involves flaws in cf_confirmExecTx() within ethereum_contracts.c, which can reveal arbitrary microcontrol...

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereumextractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

Stack overflow

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereumextractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

CVE-2021-31616

CVE-2021-31616 affects ShapeShift KeepKey hardware wallet firmware prior to 7.1.0. The issue is a stack buffer overflow caused by insufficient length checks in the ethereum_extractThorchainSwapData() function within ethereum.c, which can be triggered by crafted messages and is reachable remotely ...

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereumextractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...

Unspecified vulnerability in ShapeShift KeepKey finite state machine

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. An unspecified vulnerability exists in the ShapeShift KeepKey finite state machine, which stems from the program not being sufficiently authenticated. The vulnerability can be exploited to reset a portion of the encryption key t...

ShapeShift KeepKey Buffer Overflow Vulnerability

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. ShapeShift KeepKey suffers from a punch zone overflow vulnerability. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...

CVE-2019-18671

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...