QwikSec

Security Database

CVE

CWE

Training

CVE-2019-18671

Published: Dec 6, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3

x_refsource_MISC

https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065

x_refsource_MISC

https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3

x_refsource_CONFIRM

https://blog.inhq.net/posts/keepkey-CVE-2019-18671/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.