Ledger · Hw-App-Eth · CVE-2023-7345
**Name of the Vulnerable Software and Affected Versions**
ledgerhq/hw-app-eth versions prior to 6.34.7
**Description**
Hexadecimal integer fields are parsed incorrectly when the value contains an odd number of characters. An attacker can use this to manipulate EIP-712 typed data messages and obtain signatures on truncated or misinterpreted message values, authorizing unintended blockchain transactions such as asset transfers for incorrect amounts.
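One way an odd-length hex value can be misread, shown with Node's built-in hex decoder next to a strict decoder. This is an added example, not code from hw-app-eth; the function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added illustration; these helpers are hypothetical, not hw-app-eth's API.

// Naive decoding: Node's hex decoder stops at the first incomplete byte pair,
// so an odd-length string silently loses its last nibble.
function naiveHexToBytes(hex) {
  return Buffer.from(hex.replace(/^0x/i, ""), "hex");
}

// Hardened decoding: validate the character set, then left-pad to an even
// length so the numeric value is preserved.
function strictHexToBytes(hex) {
  if (typeof hex !== "string" || !/^0x[0-9a-fA-F]+$/.test(hex)) {
    throw new TypeError(`not a 0x-prefixed hex integer: ${hex}`);
  }
  const digits = hex.slice(2);
  return Buffer.from(digits.length % 2 ? "0" + digits : digits, "hex");
}

function bytesToBigInt(buf) {
  return buf.length === 0 ? 0n : BigInt("0x" + buf.toString("hex"));
}

// Compare the value a reader of the message expects with what each decoder yields.
function compare(hex) {
  return {
    intended: BigInt(hex),
    naive: bytesToBigInt(naiveHexToBytes(hex)),
    strict: bytesToBigInt(strictHexToBytes(hex)),
  };
}

// Constructed sample values for an EIP-712 uint256 field such as "amount".
for (const sample of ["0x3e8", "0x03e8", "0xf4240", "0x1"]) {
  const r = compare(sample);
  console.log(sample, r, r.naive === r.intended ? "ok" : "MISMATCH (naive)");
}
```

A regression test for any code that serializes EIP-712 integers should include odd-length inputs like these and assert that the serialized bytes decode back to the displayed value.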
**Recommendations**
Update ledgerhq/hw-app-eth to version 6.34.7 or later.