6.9
CVE-2023-7345
- EPSS 0.26%
- Veröffentlicht 19.05.2026 21:55:51
- Zuletzt bearbeitet 20.05.2026 14:16:35
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Ledger Live hw-app-eth EIP-712 Message Parsing Integer Truncation
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can obtain signatures on truncated or misinterpreted message values to authorize unintended blockchain transactions, such as asset transfers at incorrect amounts.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLedger
≫
Produkt
ledgerhq/hw-app-eth
Default Statusunaffected
Version
0
Version <
6.34.7
Status
affected
HerstellerLedger
≫
Produkt
Ledger Live
Default Statusunaffected
Version
0
Version <
2.70.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.174 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-704 Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
https://www.vulncheck.com/advisories/ledger-live-hw-app-eth-eip-712-message-parsing-integer-truncation
https://donjon.ledger.com/lsb/020/