セキュリティポータルに戻る
Insufficient field size check in Protobuf
報告日:July 12, 2021
Without this check, an attacker could trick the user into signing a Stellar transaction moving their assets while thinking they are signing a ManageData transaction. Fixed in firmware 1.10.3.
修正済みの脆弱性
コミュニティからの報告により、調査を行い、問題を解決しました。あなたのセキュリティは常に最優先です。
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024
- Missing confirmation in the ECDHSessionKey callNovember 26, 2023
- XSS in Trezor Connect legacy versionsFebruary 7, 2023
- XSS in Trezor ConnectAugust 3, 2020
- Missing path isolation checkJuly 14, 2020