5 matches found
CVE-2019-14355
ShapeShift KeepKey devices are affected by a side-channel vulnerability affecting the row-based OLED display. The power consumption of each display cycle depends on the number of illuminated pixels, enabling partial recovery of the displayed secret data when an attacker can measure device power v...
CVE-2019-18672
The affected product is the ShapeShift KeepKey hardware wallet. The issue stems from insufficient checks in the device’s finite state machine prior to firmware 6.2.2, which allows a partial reset of cryptographic secrets to known values via crafted messages. This vulnerability can compromise U2F ...
CVE-2021-31616
CVE-2021-31616 affects ShapeShift KeepKey hardware wallet firmware prior to 7.1.0. The issue is a stack buffer overflow caused by insufficient length checks in the ethereum_extractThorchainSwapData() function within ethereum.c, which can be triggered by crafted messages and is reachable remotely ...
CVE-2023-27892
CVE-2023-27892 affects ShapeShift KeepKey hardware wallet firmware prior to 7.7.0. It stems from insufficient length checks that allow a global buffer overflow via crafted messages. The issue involves flaws in cf_confirmExecTx() within ethereum_contracts.c, which can reveal arbitrary microcontrol...
CVE-2018-6875
CVE-2018-6875 affects KeepKey v4.0.0: a Format String vulnerability could cause the device to display information it should not access, triggered by text containing characters the device font cannot render. The issue is described across multiple sources (e.g., NVD entry and CNVD/CVE mirrors) as a...