CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
Configurations

Configuration 1


Information

Published : 2021-05-06 01:15

Updated : 2022-05-03 04:04


NVD link : CVE-2021-31616

Mitre link : CVE-2021-31616

Products Affected
CWE