Lucene search
K
ShapeshiftKeepkey Firmware

5 matches found

CVE
CVE
added 2019/08/10 3:41 p.m.114 views

CVE-2019-14355

ShapeShift KeepKey devices are affected by a side-channel vulnerability affecting the row-based OLED display. The power consumption of each display cycle depends on the number of illuminated pixels, enabling partial recovery of the displayed secret data when an attacker can measure device power v...

2.4CVSS3.7AI score0.00347EPSS
CVE
CVE
added 2019/12/06 5:54 p.m.114 views

CVE-2019-18672

The affected product is the ShapeShift KeepKey hardware wallet. The issue stems from insufficient checks in the device’s finite state machine prior to firmware 6.2.2, which allows a partial reset of cryptographic secrets to known values via crafted messages. This vulnerability can compromise U2F ...

7.5CVSS7.4AI score0.00783EPSS
CVE
CVE
added 2021/05/06 11:1 a.m.46 views

CVE-2021-31616

CVE-2021-31616 affects ShapeShift KeepKey hardware wallet firmware prior to 7.1.0. The issue is a stack buffer overflow caused by insufficient length checks in the ethereum_extractThorchainSwapData() function within ethereum.c, which can be triggered by crafted messages and is reachable remotely ...

8.8CVSS8.9AI score0.02497EPSS
CVE
CVE
added 2023/05/02 12:0 a.m.44 views

CVE-2023-27892

CVE-2023-27892 affects ShapeShift KeepKey hardware wallet firmware prior to 7.7.0. It stems from insufficient length checks that allow a global buffer overflow via crafted messages. The issue involves flaws in cf_confirmExecTx() within ethereum_contracts.c, which can reveal arbitrary microcontrol...

5.7CVSS5.7AI score0.0047EPSS
CVE
CVE
added 2018/03/14 1:0 p.m.40 views

CVE-2018-6875

CVE-2018-6875 affects KeepKey v4.0.0: a Format String vulnerability could cause the device to display information it should not access, triggered by text containing characters the device font cannot render. The issue is described across multiple sources (e.g., NVD entry and CNVD/CVE mirrors) as a...

7.5CVSS7.3AI score0.01111EPSS