Security Advisory

CVE-2021-31616

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2021-05-06 11:01:42
Last updated: 2024-08-03 23:03:33
Assigner: mitre
State: PUBLISHED

Description

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.