Vulnerability in Ledger Live Affects Bitcoin Transaction Handling
CVE-2020-12119

8.1 HIGH

Key Information:

Vendor: Ledger
CVE Published: 2 July 2020

What is CVE-2020-12119?

Ledger Live versions before 2.7.0 mishandle Bitcoin transactions: an unconfirmed transaction increases the user's balance, and the balance is not reduced if that transaction is later canceled. This leaves users susceptible to double-spending and Denial of Service (DoS) attacks without their consent. The issue underlines the need for better transaction verification to ensure user integrity and security.
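The accounting flaw described above, shown as an added example in a simplified wallet model (not Ledger Live's code and not the vendor's fix). The event shapes, function names and the MIN_CONFIRMATIONS policy are assumptions made for illustration; the sample feed is constructed.

```javascript
// Added example: simplified wallet model, not Ledger Live's code.
// Event shapes and the MIN_CONFIRMATIONS policy are assumptions.
const MIN_CONFIRMATIONS = 1;

// Constructed sample feed (amounts in satoshis): tx-a is seen unconfirmed
// and later canceled/dropped; tx-b is seen and then confirmed.
const sampleEvents = [
  { type: "seen", txid: "tx-a", amount: 50000 },
  { type: "seen", txid: "tx-b", amount: 20000 },
  { type: "confirmed", txid: "tx-b", confirmations: 1 },
  { type: "dropped", txid: "tx-a" },
];

// Flawed accounting as the description states it: credit on first sight,
// never debit when the unconfirmed transaction goes away.
function naiveBalance(events) {
  let balance = 0;
  for (const ev of events) {
    if (ev.type === "seen") balance += ev.amount;
    // "dropped" is ignored, so the credit is never reversed
  }
  return balance;
}

// Hardened accounting: keep per-transaction state and derive balances from
// it, so a canceled transaction disappears and unconfirmed funds stay pending.
function trackedBalances(events) {
  const txs = new Map();
  for (const ev of events) {
    if (ev.type === "seen") {
      if (!txs.has(ev.txid)) txs.set(ev.txid, { amount: ev.amount, confirmations: 0 });
    } else if (ev.type === "confirmed") {
      const tx = txs.get(ev.txid);
      if (tx) tx.confirmations = ev.confirmations;
    } else if (ev.type === "dropped") {
      txs.delete(ev.txid);
    }
  }
  let spendable = 0;
  let pending = 0;
  for (const tx of txs.values()) {
    if (tx.confirmations >= MIN_CONFIRMATIONS) spendable += tx.amount;
    else pending += tx.amount;
  }
  return { spendable, pending };
}
```

On the sample feed the naive counter still reports the canceled 50000 satoshis, while the tracked version reports only the confirmed 20000 as spendable.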

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
