Insufficient field size check in Protobuf

Nahlášeno March 5, 2020

An attacker could craft a transaction that could be interpreted in two different ways: first, a legitimate transaction which unknowingly contains a very long prevhash; and second, hidden in the long prevhash is an output sending all funds to the attacker's address. The resulting transaction would be non-standard and would not be propagated by the Bitcoin network, so an attacker would need to mine their own block.

NahlášenoSaleem Rashid

Náš blogový příspěvek

Trezor Model T

Vyřešené zranitelnosti

Nahlášeno komunitou. Prošetřeno. Vyřešeno. Protože vaše bezpečnost není nikdy volitelná.

Missing confirmation in the ECDHSessionKey call
November 26, 2023
XSS in Trezor Connect legacy versions
February 7, 2023
Insufficient field size check in Protobuf
July 12, 2021
XSS in Trezor Connect
August 3, 2020
Missing path isolation check
July 14, 2020
Malicious change in mixed transactions
March 7, 2020