CVE-2023-7346

Published: May 20, 2026 Last Modified: May 20, 2026
MEDIUM 4.1
Attack Vector: physical
Attack Complexity: high
Privileges Required: none
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 4.0
Attack Vector: physical
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none

Description


Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, potentially leading to funds being sent to unintended addresses.

CWE-682: Incorrect Calculation (status: Draft)

Common Consequences
Security Scopes Affected: Availability, Integrity, Confidentiality, Access Control
Potential Impacts: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Bypass Protection Mechanism
Applicable Platforms: All platforms may be affected
https://donjon.ledger.com/lsb/019/
https://www.vulncheck.com/advisories/ledger-bitcoin-app-address-derivation-erro…