ByteOS Network

Vulnerability Details :

CVE-2025-66692

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-20 Jan, 2026 | 00:00

Updated At-21 Jan, 2026 | 16:40

A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:20 Jan, 2026 | 00:00

Updated At:21 Jan, 2026 | 16:40

▼CVE Numbering Authority (CNA)

A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/trustwallet/wallet-core/commit/5668c67	N/A
https://gist.github.com/inkman97/b791189338f73b758c31a7db3cd50c2d	N/A

Hyperlink: https://github.com/trustwallet/wallet-core/commit/5668c67

Resource: N/A

Hyperlink: https://gist.github.com/inkman97/b791189338f73b758c31a7db3cd50c2d

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-126	CWE-126 Buffer Over-read

Type: CWE

CWE ID: CWE-126

Description: CWE-126 Buffer Over-read

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:20 Jan, 2026 | 21:16

Updated At:30 Jan, 2026 | 20:22

A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

trustwallet>>trust_wallet_core>>Versions before 4.4.0(exclusive)

cpe:2.3:a:trustwallet:trust_wallet_core:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-126	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-126

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://gist.github.com/inkman97/b791189338f73b758c31a7db3cd50c2d	cve@mitre.org	Exploit Third Party Advisory
https://github.com/trustwallet/wallet-core/commit/5668c67	cve@mitre.org	Patch

Hyperlink: https://gist.github.com/inkman97/b791189338f73b758c31a7db3cd50c2d

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/trustwallet/wallet-core/commit/5668c67

Source: cve@mitre.org

Resource:

Patch

Similar CVEs

108Records found

CVE-2020-25853

Matching Score-4

Assigner-JFrog

View Details

Matching Score-4

Assigner-JFrog

CVSS Score-7.5||HIGH

EPSS-0.16% / 36.59%

7 Day CHG~0.00%

Published-03 Feb, 2021 | 16:49

Updated-04 Aug, 2024 | 15:49

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

Vendor-n/a Realtek Semiconductor Corp.

Product-rtl8195a rtl8195a_firmware Realtek RTL8195A Wi-Fi Module

CWE ID-CWE-126

Buffer Over-read

CWE ID-CWE-125

Out-of-bounds Read

CVE-2025-47318

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.07% / 21.28%

7 Day CHG~0.00%

Published-24 Sep, 2025 | 15:33

Updated-28 Nov, 2025 | 16:14

Buffer Over-read in BT Controller

Transient DOS while parsing the EPTM test control message to get the test pattern.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-126

Buffer Over-read

CVE-2023-28555

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.15% / 35.70%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 09:15

Updated-02 Aug, 2024 | 13:43

Buffer Over-read in Audio

Transient DOS in Audio while remapping channel buffer in media codec decoding.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-126

Buffer Over-read

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-21658

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.17% / 37.05%

7 Day CHG~0.00%

Published-06 Jun, 2023 | 07:39

Updated-02 Aug, 2024 | 09:44

Buffer Over-Read in WLAN Firmware

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-126

Buffer Over-read

CWE ID-CWE-125

Out-of-bounds Read

CVE-2017-7668

Matching Score-4

Assigner-Apache Software Foundation

View Details

Matching Score-4

Assigner-Apache Software Foundation

CVSS Score-7.5||HIGH

EPSS-62.78% / 98.40%

7 Day CHG~0.00%

Published-20 Jun, 2017 | 01:00

Updated-13 May, 2026 | 00:24

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.