CVE-2023-7346

MEDIUM

Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript

Title source: cna

Description

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, potentially leading to funds being sent to unintended addresses.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

Ledger Security Bulletin 019

https://donjon.ledger.com/lsb/019/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/ledger-bitcoin-app-address-derivation-error-via-miniscript

Scores

CVSS v3 4.0

EPSS 0.0014

EPSS Percentile 3.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-682

Status published

Products (3)

Ledger/Ledger Bitcoin app 2.1.0

Ledger/Ledger Bitcoin app 2.1.1

Ledger/Ledger Bitcoin app 2.1.2

Published May 20, 2026

Tracked Since May 20, 2026