Vulnerabilities > CVE-2021-31616 - Out-of-bounds Write vulnerability in Shapeshift Keepkey Firmware 7.0.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- https://blog.inhq.net/posts/keepkey-CVE-2021-31616/
- https://blog.inhq.net/posts/keepkey-CVE-2021-31616/
- https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836
- https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836
- https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0
- https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0
- https://shapeshift.com/library/keepkey-important-update-issued-april-4-required
- https://shapeshift.com/library/keepkey-important-update-issued-april-4-required