Sign-up

ID

VAR-202305-0261


CVE

CVE-2023-27892


TITLE

ShapeShift KeepKey Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-092

DESCRIPTION

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet

Trust: 0.99

sources: NVD: CVE-2023-27892 // VULMON: CVE-2023-27892

AFFECTED PRODUCTS

vendor:shapeshiftmodel:keepkeyscope:ltversion:7.7.0

Trust: 1.0

vendor:shapeshiftmodel:keepkeyscope:gteversion:7.5.2

Trust: 1.0

sources: NVD: CVE-2023-27892

CVSS

SEVERITY

CVSSV2

CVSSV3

cve@mitre.org: CVE-2023-27892
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2023-27892
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202305-092
value: MEDIUM

Trust: 0.6

cve@mitre.org: CVE-2023-27892
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.2
impactScore: 3.6
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2023-27892
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202305-092 // NVD: CVE-2023-27892 // NVD: CVE-2023-27892

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2023-27892

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202305-092

PATCH

title:ShapeShift KeepKey Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=236963

Trust: 0.6

sources: CNNVD: CNNVD-202305-092

EXTERNAL IDS

db:NVDid:CVE-2023-27892

Trust: 1.7

db:CNNVDid:CNNVD-202305-092

Trust: 0.6

db:VULMONid:CVE-2023-27892

Trust: 0.1

sources: VULMON: CVE-2023-27892 // CNNVD: CNNVD-202305-092 // NVD: CVE-2023-27892

REFERENCES

url:https://github.com/keepkey/keepkey-firmware/pull/337

Trust: 1.7

url:https://blog.inhq.net/posts/keepkey-cve-2023-27892/

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2023-27892/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-27892 // CNNVD: CNNVD-202305-092 // NVD: CVE-2023-27892

SOURCES

db:VULMONid:CVE-2023-27892
db:CNNVDid:CNNVD-202305-092
db:NVDid:CVE-2023-27892

LAST UPDATE DATE

2025-01-31T23:12:09.983000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-27892date:2023-05-03T00:00:00
db:CNNVDid:CNNVD-202305-092date:2023-05-11T00:00:00
db:NVDid:CVE-2023-27892date:2025-01-30T17:15:13.877

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-27892date:2023-05-02T00:00:00
db:CNNVDid:CNNVD-202305-092date:2023-05-02T00:00:00
db:NVDid:CVE-2023-27892date:2023-05-02T21:15:09.337