VYPR

KeepKey

by ShapeShift

Source repositories

CVEs (5)

  • CVE-2019-18671CriDec 6, 2019
    risk 0.57cvss 9.8epss 0.03

    Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by…

  • CVE-2019-18672HigDec 6, 2019
    risk 0.42cvss 7.5epss 0.01

    Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and…

  • CVE-2019-14355LowAug 10, 2019
    risk 0.16cvss 2.4epss 0.00

    On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB…

  • CVE-2023-27892LowMay 2, 2023
    risk 0.00cvss 3.8epss 0.00

    Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or…

  • CVE-2021-31616HigMay 6, 2021
    risk 0.00cvss 8.8epss 0.03

    Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The…