Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware prior to 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
Vulnerable Product |
---|
shapeshift keepkey_firmware |