{"id":"CVE-2020-6861","details":"A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.","modified":"2026-04-11T13:53:25.804247Z","published":"2020-05-06T14:15:11.083Z","references":[{"type":"EVIDENCE","url":"https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html"},{"type":"EVIDENCE","url":"https://donjon.ledger.com/lsb/008/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ledgerhq/app-monero","events":[{"introduced":"0"},{"fixed":"63e6831c8062da5c94b96ddca877b397464a582f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.5.1"}]}}],"versions":["1.0.0","1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","1.2.2","1.3.0","1.3.1","1.4.0-alpha1","1.4.0-alpha2","1.4.1","1.4.2","1.5.0","Beta1","Beta2","Beta3","Beta4","Beta5"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["101741386905829353390738821569549687821","229090205630727460719228199548747180290","22077540944309426620964614272921675852","285395983083939586261017318037235051181"]},"target":{"file":"src/monero_open_tx.c"},"source":"https://github.com/ledgerhq/app-monero/commit/63e6831c8062da5c94b96ddca877b397464a582f","signature_type":"Line","id":"CVE-2020-6861-1d54e770","deprecated":false},{"signature_version":"v1","digest":{"length":246,"function_hash":"113563531168246943257164532100527837457"},"target":{"file":"src/monero_open_tx.c","function":"monero_apdu_open_tx"},"source":"https://github.com/ledgerhq/app-monero/commit/63e6831c8062da5c94b96ddca877b397464a582f","signature_type":"Function","id":"CVE-2020-6861-26b7a063","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["45368085189849241846371384634707785861","76074305106806271853893752226834569509","336782104617801452773831128018564400872","76446207293541156956980447980398319837","126859190297950555234972935200095419835","16471406417976635148268064813046687011"]},"target":{"file":"src/monero_ux_nano.c"},"source":"https://github.com/ledgerhq/app-monero/commit/63e6831c8062da5c94b96ddca877b397464a582f","signature_type":"Line","id":"CVE-2020-6861-67232e9b","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["285884109718157205990155085200126671806","76074305106806271853893752226834569509","228578609159770551741535275556781084005","159287416375869182679674429704463080556","76446207293541156956980447980398319837","17034398394533678339953578823210019125","114072379502219694448221604967310847693"]},"target":{"file":"src/monero_ux_nanos.c"},"source":"https://github.com/ledgerhq/app-monero/commit/63e6831c8062da5c94b96ddca877b397464a582f","signature_type":"Line","id":"CVE-2020-6861-bf4f7eb7","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6861.json","vanir_signatures_modified":"2026-04-11T13:53:25Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}