CVE-2018-6875

Published: Mar 14, 2018Modified: Jun 17, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.

Affected (1)

Products: Shapeshift: Keepkey Firmware

Shapeshift

1 product

Keepkey Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Shapeshift Keepkey Firmware	Version 4.0.0

Running on/with	Platform Versions
Keepkey Keepkey	All versions

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (2)

https://www.keepkey.com/2018/03/09/security-updates-responsible-disclosure/

Source: cve@mitre.org

Vendor Advisory

https://www.keepkey.com/2018/03/09/security-updates-responsible-disclosure/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.