Lucene search
+L

7 matches found

Cvelist
Cvelist
added yesterday27 views

CVE-2026-54496 Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...

9.3CVSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.12 views

CVE-2026-44498

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:6 p.m.17 views

EUVD-2026-28655

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:5 p.m.3 views

CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.9AI score0.00268EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-39149

Name of the Vulnerable Software and Affected Versions ZEBRA versions prior to 4.4.0 Description A composite denial-of-service issue in the block discovery pipeline allows an unauthenticated remote attacker to permanently stop all new block discovery on a targeted node. The attack leverages three...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References7
OSV
OSV
added 2026/04/21 7:18 p.m.3 views

CVE-2026-40880 Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

7.2CVSS6AI score0.00261EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.5 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References1
Rows per page
Query Builder