zebra 数据伪造问题漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...

GHSA-WWQ9-3CPR-MM53 Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

PT-2024-40947 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.15.1 Description: The issue concerns the borsh serialization of the HashMap, which did not adhere to the borsh specification. This led to potential non-canonical encodings that depended on the insertion order, an...