Lucene search
K

573 matches found

OSV
OSV
added 2026/05/07 8:55 p.m.5 views

GHSA-438Q-JX8F-CCCV Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/07 8:55 p.m.14 views

Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4Affected Software3
OSV
OSV
added 2026/05/07 8:54 p.m.6 views

GHSA-JV4H-J224-23CC Zebra's Block Validator Undercounts Coinbase and P2SH Sigops

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcas...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 8:54 p.m.10 views

Zebra's Block Validator Undercounts Coinbase and P2SH Sigops

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcas...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/21 8:17 p.m.14 views

CVE-2026-40880

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

8.1CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.7 views

CVE-2026-40881

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB...

7.5CVSS0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 7:20 p.m.3 views

CVE-2026-40881 Zebra: addr/addrv2 Deserialization Resource Exhaustion

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB...

6.3CVSS5.7AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:20 p.m.34 views

CVE-2026-40881

Zebra/Zebrad deserialization flaw CVE-2026-40881: when parsing addr or addrv2 messages, Zebra would deserialize vectors of addresses up to about 233k entries due to MAX_ADDRS_IN_MESSAGE checking being performed after deserialization. This could exhaust memory and crash a node under network load. ...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/04/21 7:20 p.m.31 views

CVE-2026-40881 Zebra: addr/addrv2 Deserialization Resource Exhaustion

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB...

6.3CVSS0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 7:18 p.m.2 views

CVE-2026-40880 Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 7:18 p.m.32 views

CVE-2026-40880 Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

7.2CVSS0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. There is a security vulnerability in Zebra, which stems from a logical error in the transaction verification caching mechanism. This vulnerability could potentially allow malicious miners to...

8.1CVSS5.8AI score0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.0 and zebra-network prior to 5.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the issue of allocating excessive memory before checking the...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/18 1:15 a.m.11 views

Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling

CVE-2026-41583: Consensus Divergence in Transparent Sighash Hash-Type Handling Summary After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/04/18 1:15 a.m.7 views

GHSA-29X4-R6JV-FF4W Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients

A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...

6.9CVSS5.7AI score0.00257EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/18 1:15 a.m.11 views

Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients

A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...

6.9CVSS5.7AI score0.00257EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/04/18 1:14 a.m.4 views

GHSA-452V-W3GX-72WG Zebra has rk Identity Point Panic in Transaction Verification

rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/18 1:14 a.m.10 views

Zebra has rk Identity Point Panic in Transaction Verification

rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/04/18 12:42 a.m.9 views

GHSA-XR93-PCQ3-PXF8 Zebra: addr/addrv2 Deserialization Resource Exhaustion

CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion Summary When deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB message size limit. This is much larger th...

6.3CVSS5.7AI score0.00263EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/18 12:42 a.m.11 views

Zebra: addr/addrv2 Deserialization Resource Exhaustion

CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion Summary When deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB message size limit. This is much larger th...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder