PT-2023-21399 · Shapeshift · Keepkey

Christian Reitter · Published 2023-05-02 · Updated 2023-05-10 · CVE-2023-27892

CVSS v3.1: 5.7 (Medium)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey hardware wallet versions prior to 7.7.0

Description: The issue is related to insufficient length checks in the firmware, allowing a global buffer overflow via crafted messages. Flaws in the cf_confirmExecTx() function in ethereum_contracts.c can reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet.

Recommendations: For versions prior to 7.7.0, update the firmware to version 7.7.0 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the device and keeping it PIN-locked to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Weakness Enumeration

Related Identifiers: CVE-2023-27892

Affected Products: Keepkey