CVE-2023-7346

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.0 / 10

Vector String

                                        CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N                                    

Vulnerability Description

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, potentially leading to funds being sent to unintended addresses.

Vulnerability Details

Published Date

May 20, 2026

Last Modified

May 20, 2026

CWE ID

CWE-682

Source

NVD

External References

https://donjon.ledger.com/lsb/019/
https://www.vulncheck.com/advisories/ledger-bitcoin-app-address-derivation-error-via-miniscript

CVE-2023-7346

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment