VYPR
Critical severity9.8NVD Advisory· Published Dec 6, 2019· Updated Jun 17, 2026

CVE-2019-18671

CVE-2019-18671

Description

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ShapeShift/KeepKey hardware walletdescription
  • Range: <6.2.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.