CVE-2019-16992
First published: Sun Sep 29 2019(Updated: )
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Keybase Keybase | =2.13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-16992.
What is the affected software?
The affected software is Keybase app version 2.13.2 for iOS.
What is the severity of CVE-2019-16992?
The severity of CVE-2019-16992 is high, with a severity value of 7.5.
What is the potential impact of this vulnerability?
This vulnerability could allow an attacker to use a user's private key without sufficient notice, potentially compromising the user's personal position on cryptocurrency.
Are there any patches or fixes available for this vulnerability?
At the moment, there are no specific patches or fixes available for this vulnerability. It is recommended to update to the latest version of the Keybase app and follow any official announcements from the vendor.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/keybase
- canonical/keybase keybase
- version/keybase keybase/2.13.2