PT-2026-43797

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the MCTP Management Component Transport Protocol implementation where RTM GETNEIGH requests return uninitialized data within the padding bytes of the ndmsg data. This...

CVE-2026-40881 Zebra: addr/addrv2 Deserialization Resource Exhaustion

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB...

CVE-2026-40881

Zebra/Zebrad deserialization flaw CVE-2026-40881: when parsing addr or addrv2 messages, Zebra would deserialize vectors of addresses up to about 233k entries due to MAX_ADDRS_IN_MESSAGE checking being performed after deserialization. This could exhaust memory and crash a node under network load. ...

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.0 and zebra-network prior to 5.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the issue of allocating excessive memory before checking the...