Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet.
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
ShapeShift KeepKey 缓冲区错误漏洞
Vulnerability Description
ShapeShift KeepKey是一款用于加密货币存储的电子钱包设备。 ShapeShift KeepKey 7.7.0之前版本存在安全漏洞,该漏洞源于长度检查不足,允许通过精心制作的消息导致全局缓冲区溢出,攻击者可以从硬件钱包中提取BIP39助记词。
CVSS Information
N/A
Vulnerability Type
N/A