Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output

Consensus Divergence in V5 Transparent SIGHASHSINGLE With No Corresponding Output Summary Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with SIGHASHSINGLE and there is no transparent output at the same index as that input, validation mus...

Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...

PT-2026-38618

Name of the Vulnerable Software and Affected Versions Zebra versions 4.3.1 through 4.3.1 Description Insufficient error handling during sighash computation can lead to consensus divergence. When an invalid sighash type is encountered, the system fails to return an error, leaving the input sighash...

Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...

GHSA-3VMH-33XR-9CQH Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

EUVD-2021-1653

Malware in sbrugna...

EUVD-2021-1427

Malware in sbrugna...

SUSE CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

SUSE CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

Design/Logic Flaw

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

CVE-2021-39137

The CVE-2021-39137 entry concerns go-ethereum (Geth). A memory-corruption/consensus flaw in the EVM can cause a node to reject or diverge from the canonical chain, potentially leading to chain splits as described in multiple advisories. A patch is included in the v1.10.8 release; no workaround is...

PT-2021-7369 · Unknown · Go-Ethereum

Name of the Vulnerable Software and Affected Versions: go-ethereum versions prior to v1.10.8 Description: A consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. This issue is related to a memory-corruption bug withi...

GHSA-XW37-57QP-9MM4 Consensus flaw during block processing in github.com/ethereum/go-ethereum

Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...

Consensus flaw during block processing in github.com/ethereum/go-ethereum

Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...

Shallow copy bug in geth

Impact This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth’s pre-compiled dataCopy at 0x00...04 contract did a shallow copy on invocation. An attacker could deploy a contract that - writes X to an EVM memory region R,...

CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...