Insufficient field size check in Protobuf #42

tsusanka · 2022-10-07T13:41:15Z

tsusanka
Oct 7, 2022
Maintainer

Impact: Theft of Funds
Scalability: Remote (Interaction)
Severity: Critical
Fixed in: Firmware 1.10.3
Reported by: Stellar Development Foundation
Date reported: 2021-07-12

Details

Without this check, an attacker could trick the user into signing a Stellar transaction moving their assets while thinking they are signing a ManageData transaction.

Fix

trezor/trezor-firmware@dd65780

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trezor

Insufficient field size check in Protobuf #42

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

Trezor

Insufficient field size check in Protobuf #42

tsusanka Oct 7, 2022 Maintainer

Details

Fix

Read more

Replies: 0 comments

tsusanka
Oct 7, 2022
Maintainer