Back to security portal
Insufficient field size check in Protobuf
Reported on July 12, 2021
Without this check, an attacker could trick the user into signing a Stellar transaction moving their assets while thinking they are signing a ManageData transaction. Fixed in firmware 1.10.3.
Reported by reporterAlias
Resolved vulnerabilities
Reported by the community. Investigated. Resolved. Because your security is never optional.
- Biometric Verification bypassed in Trezor Suite with external monitorMarch 9, 2026
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Fix side-channel in BIP-39 mnemonic processing when unlockedSeptember 24, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024
- Missing confirmation in the ECDHSessionKey callNovember 26, 2023
- XSS in Trezor Connect legacy versionsFebruary 7, 2023