๐ CVE-2021-31616
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: web.nvd.nist.gov
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB. ...