Back to security portal

Insufficient field size check in Protobuf

Reported on July 12, 2021
Without this check, an attacker could trick the user into signing a Stellar transaction moving their assets while thinking they are signing a ManageData transaction. Fixed in firmware 1.10.3.
Reported byStellar Development Foundation
Our blog post
Trezor Model One

Resolved vulnerabilities

Reported by community. Investigated. Resolved. Because your security is never optional.