CVE-2023-7346 Overview
CVE-2023-7346 affects the Ledger Bitcoin app, versions 2.1.0 and 2.1.1. The vulnerability lies in how the app processes miniscript policies that contain the a: wrapper (the "altstack" fragment). Improper handling of this wrapper causes the device to derive, and therefore display, an incorrect Bitcoin receiving address for the registered policy. An attacker who can supply a crafted miniscript policy can get the user to approve on the device an address that does not correspond to the policy the user believes was registered. Funds sent to the displayed address may end up at an attacker-controlled location. The flaw is classified as CWE-682 (Incorrect Calculation).
Critical Impact
Crafted miniscript policies cause Ledger hardware wallets to display incorrect receiving addresses, potentially redirecting Bitcoin transactions to attacker-controlled destinations.
Affected Products
- Ledger Bitcoin app version 2.1.0
- Ledger Bitcoin app version 2.1.1
- Ledger hardware wallets running the affected Bitcoin app versions
Discovery Timeline
- 2026-05-20 - CVE-2023-7346 published to NVD
- 2026-05-20 - Last updated in NVD database
Technical Details for CVE-2023-7346
Vulnerability Analysis
The Ledger Bitcoin app supports miniscript, a structured language for expressing Bitcoin script spending conditions in a form that can be analysed and composed safely. Miniscript expressions are built from fragments such as pk_k, older, and_v, and or_d, and from single-letter wrappers such as a:, s:, c:, and d: that modify a sub-expression's script and type. The a: wrapper ("altstack") compiles a child expression X to OP_TOALTSTACK [X] OP_FROMALTSTACK: it parks the top stack element on the alt stack while X evaluates on the element beneath it, which is what turns a B-type expression into the W-type operand that and_b, or_b, and thresh require.
In versions 2.1.0 and 2.1.1, the app mishandles policies that include the a: wrapper during address derivation. The derivation routine computes a script that does not match the script the registered wallet policy actually specifies. As a result, the address shown on the device screen differs from the address that the approved policy should produce, so the display no longer reflects the spending conditions the user agreed to.
The trust model of a hardware wallet depends on the displayed address being authoritative: the trusted screen exists precisely so that the user does not have to believe whatever the host computer shows. When on-device derivation diverges from the policy's semantics, the screen confirms the wrong address and that assumption breaks.
Root Cause
The root cause is an incorrect calculation in the miniscript-to-script translation logic for the a: wrapper. When deriving the receive script, the app fails to apply the wrapper's semantics (OP_TOALTSTACK [X] OP_FROMALTSTACK around the child expression) consistently, so the resulting script, its hash, and the address encoded from that hash do not reflect the registered policy.
Attack Vector
Exploitation requires physical access conditions and user interaction. An attacker convinces the user to register or use a malicious miniscript wallet policy containing the a: wrapper. Wallet policies reach the device through the host software, so in practice the policy can come from a compromised host application or from a co-signer who contributes part of a shared policy. The device then displays an incorrect receiving address derived from the flawed translation. Funds sent to that address are locked by the script the attacker actually crafted, not by the one the user believes was approved.
No verified public exploit code is available. Refer to the Ledger Security Bulletin and the VulnCheck Security Advisory for technical details.
Detection Methods for CVE-2023-7346
Indicators of Compromise
- Ledger Bitcoin app reporting version 2.1.0 or 2.1.1 in device settings (an indicator of exposure rather than evidence of compromise).
- Registered wallet policies that include the miniscript a: fragment from an untrusted source.
- Receiving addresses on the device that do not match independently derived addresses from the same policy.
Detection Strategies
- Audit installed Ledger app versions across managed devices and flag any instance of Bitcoin app 2.1.0 or 2.1.1.
- Cross-verify addresses generated by the device against an independent miniscript implementation (for example Bitcoin Core's descriptor support) before sending funds.
- Review wallet policy registrations for unexpected miniscript fragments, particularly a: wrappers introduced by third parties.
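An added example (not from Ledger or the advisory) of the cross-check recommended above, and of the independent verification step listed under mitigation below: given the witness script that an independent tool (for example a Bitcoin Core descriptor wallet) produces for the policy, compute the P2WSH address yourself and compare it with the string the device screen showed. The witness script is the P2WSH example from BIP141 and the addresses in the test are the matching BIP173 test vectors; the "address shown on the device" is a constructed stand-in, and the function names are the example's own.

```python
import hashlib

# Bech32 reference constants (BIP173); bech32m (BIP350) differs only in the
# checksum constant and applies to witness versions 1 and above.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data, frombits, tobits):
    """Regroup a byte string into 5-bit groups, zero-padding the tail."""
    acc, bits, out, maxv = 0, 0, [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if bits:
        out.append((acc << (tobits - bits)) & maxv)
    return out


def segwit_address(witver, program, hrp="bc"):
    """Encode a witness program as a segwit address (bech32 for v0, bech32m otherwise)."""
    if not 0 <= witver <= 16:
        raise ValueError("witness version out of range")
    if witver == 0 and len(program) not in (20, 32):
        raise ValueError("v0 program must be 20 (P2WPKH) or 32 (P2WSH) bytes")
    const = BECH32_CONST if witver == 0 else BECH32M_CONST
    data = [witver] + _convertbits(program, 8, 5)
    polymod = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def p2wsh_address(witness_script, hrp="bc"):
    """P2WSH address = bech32(version 0, SHA256(witness script))."""
    return segwit_address(0, hashlib.sha256(witness_script).digest(), hrp)


def check_device_address(shown, witness_script, hrp="bc"):
    """Compare the address the device displayed with the one the script really produces.

    Returns (matches, expected_address). Bech32 is case-insensitive, so the
    comparison is made on the lower-cased string."""
    expected = p2wsh_address(witness_script, hrp)
    return shown.strip().lower() == expected, expected


# Constructed input: the P2WSH example witness script from BIP141,
# "<pubkey> CHECKSIG" serialized as 21 <33-byte pubkey> ac.
SAMPLE_WITNESS_SCRIPT = bytes.fromhex(
    "210279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798ac")

if __name__ == "__main__":
    # Stand-in for what the device screen showed (constructed for the example).
    shown_on_device = "bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3"
    ok, expected = check_device_address(shown_on_device, SAMPLE_WITNESS_SCRIPT)
    print("device:  ", shown_on_device)
    print("expected:", expected)
    print("MATCH" if ok else "MISMATCH: do not fund this address")
```

For a real policy, substitute the witness script your independent tool derives for the same descriptor and derivation index, and treat any mismatch as a reason to stop, not as a display glitch: an address that does not match the policy's script is exactly the symptom this CVE produces. Use hrp "tb" for testnet or signet addresses.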
Monitoring Recommendations
- Track Ledger firmware and app version inventory for treasury or custodial environments.
- Log all wallet policy registrations and require dual-control review for policies containing miniscript constructs.
- Reconcile on-chain deposit addresses against expected derivations on a recurring schedule.
How to Mitigate CVE-2023-7346
Immediate Actions Required
- Update the Ledger Bitcoin app to a version later than 2.1.1 using Ledger Live.
- Avoid registering or using miniscript wallet policies received from untrusted parties until updated.
- Verify receiving addresses against an independent derivation tool before initiating any transfers.
Patch Information
Ledger has addressed the address derivation error in Bitcoin app versions released after 2.1.1. See the Ledger Security Bulletin for the official advisory and fixed version guidance.
Workarounds
- Refrain from registering or using miniscript policies containing the a: wrapper on affected app versions.
- Use standard, non-miniscript wallet descriptors until the app is updated.
- Perform small test transactions and confirm receipt at the expected address before transferring significant amounts.
Verify the installed Ledger Bitcoin app version in Ledger Live, then update to the latest release:
1. Open Ledger Live.
2. Navigate to Manager (My Ledger in current Ledger Live releases).
3. Connect and unlock the device.
4. Update the Bitcoin app to a version greater than 2.1.1.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


