Insufficient field size check in Protobuf

Reported on March 5, 2020

An attacker could craft a transaction that could be interpreted in two different ways: first, a legitimate transaction which unknowingly contains a very long prevhash; and second, hidden in the long prevhash is an output sending all funds to the attacker's address. The resulting transaction would be non-standard and would not be propagated by the Bitcoin network, so an attacker would need to mine their own block.

Reported bySaleem Rashid

Our blog post

Trezor Model T

Resolved vulnerabilities

Reported by community. Investigated. Resolved. Because your security is never optional.

Missing confirmation in the ECDHSessionKey call
November 26, 2023
XSS in Trezor Connect legacy versions
February 7, 2023
Insufficient field size check in Protobuf
July 12, 2021
XSS in Trezor Connect
August 3, 2020
Missing path isolation check
July 14, 2020
Malicious change in mixed transactions
March 7, 2020