24 matches found
CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
EUVD-2022-6683
Malicious code in bioql PyPI...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
GO-2024-3189 Consensus failure in github.com/btcsuite/btcd
The btcd Bitcoin client versions 0.10 to 0.24 did not correctly re-implement Bitcoin Core's 'FindAndDelete' functionality, causing discrepancies in the validation of Bitcoin blocks. This can lead to a chain split accepting an invalid block or Denial of Service DoS attacks rejecting a valid block...
CVE-2024-38365 btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
btcd is an alternative full node bitcoin implementation written in Go golang. The btcd Bitcoin client versions 0.10 to 0.24 did not correctly re-implement Bitcoin Core's "FindAndDelete" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can...
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
Code injection
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
CVE-2022-36025 Incorrect Conversion between Numeric Types in Besu Ethereum Client
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
CVE-2022-36025
Besu (Java-based Ethereum client) contains a numeric conversion bug in gas calculation for CALL/DELEGATECALL, affecting versions after 22.1.3 and before 22.7.1. The error in 32-bit signed/unsigned arithmetic can pass incorrect gas to called contracts and return gas, potentially causing a differin...
CVE-2022-36025 Incorrect Conversion between Numeric Types in Besu Ethereum Client
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
GHSA-4456-W38R-M53X Besu VM vulnerable to gas allocation error in CALL operations
Impact An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in th...
Besu VM vulnerable to gas allocation error in CALL operations
Impact An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in th...
PT-2022-23124 · Besu · Besu
Name of the Vulnerable Software and Affected Versions: Besu versions 22.1.4 through 22.7.0 Description: The issue is related to an incorrect conversion between numeric types in the calculation of available gas in CALL operations, including DELEGATECALL. This results in incorrect gas being passed...
GHSA-2P6R-37P9-89P2 Authz Module Non-Determinism
Impact Consensus failure for 0.43.x and 0.44.0,1 users. Funds and balances are safe. Patches 0.44.2 Workarounds Manually patch the code. --- Full details posted in https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349...
Authz Module Non-Determinism
Impact Consensus failure for 0.43.x and 0.44.0,1 users. Funds and balances are safe. Patches 0.44.2 Workarounds Manually patch the code. --- Full details posted in https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
Design/Logic Flaw
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8806
CVE-2020-8806 affects Electric Coin Company Zcashd (before 2.1.1-1). The root cause is improper enforcement of timestamp requirements on block headers, which could cause a valid chain to be rejected, enabling consensus failure and potential double spending. A fix is available in 2.1.1-1 (and hotf...