Keepkey Firmware@* Security Vulnerabilities and Issues — Keepkey Firmware@* CVE List

Lucene search

ShapeshiftKeepkey Firmware*

3 matches found

CVE•added 2019/12/06 6:15 p.m.•97 views

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registr...

7.5CVSS7.4AI score0.00477EPSS

CVE•added 2021/05/06 1:15 p.m.•30 views

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is r...

8.8CVSS8.9AI score0.02202EPSS

CVE•added 2023/05/02 9:15 p.m.•25 views

CVE-2023-27892

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With p...

5.7CVSS5.7AI score0.00039EPSS