Lucene search
K

40 matches found

OSV
OSV
added 2026/04/18 1:15 a.m.3 views

GHSA-8M29-FPQ5-89JJ Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling

CVE-2026-41583: Consensus Divergence in Transparent Sighash Hash-Type Handling Summary After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References4
OSV
OSV
added 2026/04/18 12:41 a.m.4 views

GHSA-XVJ8-PH7X-65GF Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.10 views

PT-2026-37129

Name of the Vulnerable Software and Affected Versions zebrad versions prior to 4.3.1 zebra-script versions prior to 5.0.2 Description Following a refactoring of the verification process for transparent transactions, Zebra failed to validate a consensus rule restricting the possible values of...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.4 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 3:16 p.m.8 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS0.00255EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:5 p.m.5 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2026/03/31 2:5 p.m.22 views

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS0.00255EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 2:5 p.m.2 views

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 2:5 p.m.5 views

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/30 7:13 p.m.36 views

Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

8.4CVSS5.9AI score0.00255EPSS
Exploits1References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.9 views

PT-2026-29168

--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

8.4CVSS5.9AI score0.00255EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3638

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01228EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/06 12:0 a.m.7 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS6.6AI score0.01228EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 10:21 p.m.34 views

AttesterSlashing number overflow

Impact Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native javascript numbers, there is an issue when those variables with large greater than 2^53 uint64 values are included on chain. In those...

7.5CVSS7.2AI score0.01228EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 10:21 p.m.16 views

GHSA-CVJ7-5F3C-9VG9 AttesterSlashing number overflow

Impact Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native javascript numbers, there is an issue when those variables with large greater than 2^53 uint64 values are included on chain. In those...

7.5CVSS7.4AI score0.01228EPSS
Exploits0References5
NVD
NVD
added 2022/05/24 3:15 p.m.45 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS0.01228EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/24 2:15 p.m.45 views

CVE-2022-29219 Integer Overflow in Lodestar

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS7.7AI score0.01228EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 2:15 p.m.40 views

CVE-2022-29219 Integer Overflow in Lodestar

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS7.4AI score0.01228EPSS
Exploits0References5
CVE
CVE
added 2022/05/24 2:15 p.m.95 views

CVE-2022-29219

Lodestar (TypeScript Ethereum Consensus) before v0.36.0 is vulnerable due to using native JavaScript numbers for uint64 values in AttesterSlashing/ProposerSlashing, causing rounding errors for large values (>2^53). This can yield consensus splits or valid Slashing being treated as invalid, pot...

7.5CVSS7.4AI score0.01228EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/05/24 12:0 a.m.5 views

Lodestar 输入验证错误漏洞

Lodestar is a TypeScript implementation of Ethernet consensus. Versions of Lodestar prior to 0.36.0 suffer from an input validation error vulnerability that stems from the inclusion of maliciously crafted AttesterSlashing or ProposerSlashing on the chain, which may have a consensus split...

7.5CVSS7.3AI score0.01228EPSS
Exploits0References4
Rows per page
Query Builder