PT-2026-42182 · Ledger · Bitcoin App
Antoine Poinsot
+2
·
Published
2026-05-20
·
Updated
2026-05-20
·
CVE-2023-7346
CVSS v3.1
4.0
Medium
| Vector | AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Ledger Bitcoin app versions 2.1.0 through 2.1.1
Description
An address derivation issue exists due to the improper handling of miniscript policies containing the
a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, which could lead to funds being sent to unintended addresses.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitcoin App