Shapeshift: >> Keepkey Firmware >> 7.0.3 Security Vulnerabilities
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
CVSS Score
8.8
EPSS Score
0.022
Published
2021-05-06