PT-2020-13926 · Trezor · Trezor One+1
Published: 2020-06-16 · Updated: 2025-09-11 · CVE-2020-14199
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Trezor One versions prior to 1.9.1
Trezor Model T versions prior to 2.3.1
Description
The Bitcoin protocol specification, specifically BIP-143, mishandles the signing of a Segwit transaction. This allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. All hardware wallets are affected by this issue.
Recommendations
For Trezor One versions prior to 1.9.1, update to version 1.9.1 to resolve the issue.
For Trezor Model T versions prior to 2.3.1, update to version 2.3.1 to resolve the issue.
Weakness Enumeration
Improper Verification of Cryptographic Signature
Affected Products
Trezor Model T
Trezor One