← Retour aux CVEs

CVE-2019-18671

CRITICAL

9.8

Description

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie12/6/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

keepkey:keepkeykeepkey:keepkey_firmware

Faiblesses (CWE)

CWE-787

References

https://blog.inhq.net/posts/keepkey-CVE-2019-18671/(cve@mitre.org)

https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3(cve@mitre.org)

https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065(cve@mitre.org)

https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3(cve@mitre.org)

https://blog.inhq.net/posts/keepkey-CVE-2019-18671/(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3(af854a3a-2127-422b-91ae-364da2661108)

https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065(af854a3a-2127-422b-91ae-364da2661108)

https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.