CVE-2021-31616 - OpenCVE

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Shapeshift	Keepkey Keepkey Firmware

Configuration 1 [-]

AND

cpe:2.3:h:shapeshift:keepkey:-:*:*:*:*:*:*:*

cpe:2.3:o:shapeshift:keepkey_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.inhq.net/posts/keepkey-CVE-2021-31616/
https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0
https://shapeshift.com/library/keepkey-important-update-issued-april-4-required

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-06T11:01:42

Updated: 2024-08-03T23:03:33.671Z

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31616

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-06T13:15:12.693

Modified: 2022-05-03T16:04:40.443

Link: CVE-2021-31616

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-06T19:12:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/"}, {"tags": ["x_refsource_MISC"], "url": "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31616", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0", "refsource": "MISC", "url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0"}, {"name": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836", "refsource": "MISC", "url": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836"}, {"name": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/", "refsource": "MISC", "url": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/"}, {"name": "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required", "refsource": "MISC", "url": "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:03:33.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31616", "datePublished": "2021-05-06T11:01:42", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.671Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:shapeshift:keepkey:-:*:*:*:*:*:*:*", "matchCriteriaId": "663CE48F-F657-40AA-8954-EADA31C9DFB1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:shapeshift:keepkey_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD9316A0-067E-435A-8186-4F8D828D67F4", "versionEndExcluding": "7.1.0", "versionStartIncluding": "7.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB."}, {"lang": "es", "value": "Unas comprobaciones insuficiente de longitud en el firmware ShapeShift KeepKey versiones anteriores a 7.1.0, permiten un desbordamiento del b\u00fafer de la pila por medio de mensajes dise\u00f1ados. El desbordamiento en la funci\u00f3n ethereum_extractThorchainSwapData() en el archivo ethereum.c puede omitir las protecciones de la pila y conllevar a una ejecuci\u00f3n de c\u00f3digo. La interfaz vulnerable es accesible de forma remota por medio de WebUSB"}], "id": "CVE-2021-31616", "lastModified": "2022-05-03T16:04:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-06T13:15:12.693", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}