PT-2018-17796 · Keepkey · Keepkey

Published

2018-03-14

Updated

2020-01-07

CVE-2018-6875

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions KeepKey version 4.0.0

Description The issue allows attackers to trigger the display of information that should not be accessible. This is related to text containing characters that the device's font lacks, which can be exploited to reveal sensitive information.

Recommendations For KeepKey version 4.0.0, update to a newer version that contains a fix for this issue to prevent unauthorized information display.

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2018-6875

Affected Products

Keepkey

PT-2018-17796 · Keepkey · Keepkey

CVE-2018-6875

Weakness Enumeration

Related Identifiers

Affected Products

References · 3