Buffer overflow in bech32_decode/cash_decode #23
Closed
tsusanka
announced in
Past Security Issues
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Details
The C reference implementation for bech32 has an unsigned integer overflow that can lead to a buffer overflow. The bug was fixed by preventing the out-of-bounds accesses in the code. Later, gabriel Campana reported the same issue in cash_decode function, which was fixed in the same firmware update.
Fix
trezor/trezor-firmware@5c6b472 and trezor/trezor-firmware@2bbbc3e
Read more
Beta Was this translation helpful? Give feedback.
All reactions