CVE-2023-21511
Description
Out-of-bounds read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in the bc_core trustlet of Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to read arbitrary memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in the Samsung Blockchain Keystore bc_core trustlet allows a local attacker to read arbitrary memory; fixed in version 1.3.12.1.
Vulnerability
An out-of-bounds read vulnerability exists in the bc_core trustlet of Samsung Blockchain Keystore when processing the CMD_COLDWALLET_BTC_SET_PRV_UTXO command. Versions prior to 1.3.12.1 are affected [1].
Exploitation
A local attacker with access to the device can exploit this vulnerability by sending a crafted CMD_COLDWALLET_BTC_SET_PRV_UTXO command to the trustlet, triggering an out-of-bounds read operation.
Impact
Successful exploitation allows the attacker to read arbitrary memory from the trustlet's address space, leading to unauthorized disclosure of sensitive data.
Mitigation
This vulnerability is fixed in Samsung Blockchain Keystore version 1.3.12.1, included in the May 2023 security update [1]. No workaround is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.3.12.1
- Range: unspecified
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.