CVE-2023-7345
6.5 MEDIUM
Published: 2026-05-19 · Last updated: 2026-05-20
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- CWE: CWE-704
Description
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can obtain signatures on truncated or misinterpreted message values to authorize unintended blockchain transactions, such as asset transfers at incorrect amounts.
Source: NVD
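The truncation class described above, shown as an added example that is not code from hw-app-eth or Ledger Live: a lenient hex decoder next to a strict one for an unsigned integer field. It assumes Node's `Buffer.from(..., "hex")` as the lenient decoder, since the record does not say which routine the affected versions used; the function names and the sample value are hypothetical.

```javascript
// Added illustration. Function names are hypothetical, not from hw-app-eth.

// Lenient decoding: Node's Buffer.from(str, "hex") silently drops a trailing
// unpaired digit, so an odd-length value loses its last nibble.
function lenientHexToBuffer(hex) {
  const body = hex.startsWith("0x") ? hex.slice(2) : hex;
  return Buffer.from(body, "hex");
}

// Strict decoding of an unsigned integer field into exactly `byteSize` bytes.
function strictUintHexToBuffer(hex, byteSize) {
  if (typeof hex !== "string" || !/^0x[0-9a-fA-F]+$/.test(hex)) {
    throw new TypeError("expected a 0x-prefixed hex string");
  }
  let body = hex.slice(2);
  if (body.length % 2 === 1) body = "0" + body; // left-pad keeps the value
  const raw = Buffer.from(body, "hex");
  let start = 0;
  while (start < raw.length - 1 && raw[start] === 0) start++; // drop leading zeros
  const significant = raw.subarray(start);
  if (significant.length > byteSize) {
    throw new RangeError(`value does not fit in ${byteSize} bytes`);
  }
  const out = Buffer.alloc(byteSize); // zero-filled, big-endian
  significant.copy(out, byteSize - significant.length);
  // Round-trip check: the bytes to be signed must equal the number displayed.
  if (bufferToBigInt(out) !== BigInt(hex)) {
    throw new Error("decoded bytes do not match the input value");
  }
  return out;
}

function bufferToBigInt(buf) {
  return buf.length === 0 ? 0n : BigInt("0x" + buf.toString("hex"));
}

// Constructed sample: a uint256 amount of 1000 written as odd-length hex.
const SAMPLE_AMOUNT = "0x3e8";
console.log(bufferToBigInt(lenientHexToBuffer(SAMPLE_AMOUNT)));
console.log(bufferToBigInt(strictUintHexToBuffer(SAMPLE_AMOUNT, 32)));
```

Comparing the decoded bytes against the value shown to the user before signing catches any decoder that changes an amount, whatever the cause.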
Related CVEs
Same CWE
- CVE-2026-46690 — unbounded_spsc is an "unbounded" extension of bounded_spsc_queue (5.8 MEDIUM)
- CVE-2026-45685 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
- CVE-2026-44324 — free5GC is an open-source implementation of the 5G core network (6.5 MEDIUM)
- CVE-2026-46597 — An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs (7.5 HIGH)
- CVE-2020-11725 — snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_si... (7.8 HIGH)