Vulnerabilities > Shapeshift
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-02 | CVE-2023-27892 | Out-of-bounds Read vulnerability in Shapeshift Keepkey Firmware Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. | 5.7 |
| 2021-05-06 | CVE-2021-31616 | Out-of-bounds Write vulnerability in Shapeshift Keepkey Firmware 7.0.3 Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. | 6.8 |
| 2019-12-06 | CVE-2019-18672 | Improper Validation of Integrity Check Value vulnerability in Shapeshift Keepkey Firmware Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. | 5.0 |
| 2019-08-10 | CVE-2019-14355 | Information Exposure Through Discrepancy vulnerability in Shapeshift Keepkey Firmware On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. | 2.4 |
| 2018-03-14 | CVE-2018-6875 | Use of Externally-Controlled Format String vulnerability in Shapeshift Keepkey Firmware 4.0.0 Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. | 5.0 |