Lucene search
K

400 matches found

OSV
OSV
added 2026/05/08 2:55 p.m.3 views

CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.9AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 2:55 p.m.35 views

CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 2:55 p.m.21 views

CVE-2026-41583

ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling (CVE-2026-41583). Zebra, a Rust-based Zcash node, failed after a refactor to validate sighash hash-type limits for V5 (NU5) and V4 transactions. This could allow Zebra to accept/mined blocks that zcashd would reject, causing a ...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:55 p.m.6 views

CVE-2026-41583

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 2:55 p.m.13 views

CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 2:55 p.m.14 views

EUVD-2026-28653

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of sighash hash types for V5 transactions and the standard hash type used for V4 transactions, whi...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

zebra 数据伪造问题漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 8:56 p.m.6 views

GHSA-GQ4H-3GRW-2RHV Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...

9.3CVSS5.9AI score0.00188EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 8:56 p.m.12 views

Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...

9.3CVSS5.9AI score0.00188EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/07 8:54 p.m.11 views

Zebra's Block Validator Undercounts Coinbase and P2SH Sigops

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcas...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.22 views

PT-2026-38618

Name of the Vulnerable Software and Affected Versions Zebra versions 4.3.1 through 4.3.1 Description Insufficient error handling during sighash computation can lead to consensus divergence. When an invalid sighash type is encountered, the system fails to return an error, leaving the input sighash...

9.3CVSS5.9AI score0.00188EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.19 views

PT-2026-38619

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.13 views

A Validated Prompt Bank for Malicious Code Generation: Separating Executable Weapons from Security Knowledge in 1,554 Consensus-Labeled Prompts

Existing benchmarks of language-model refusal on malicious-coding tasks routinely conflate requests for executable malicious software with requests for harmful security knowledge. This conflation matters because the two request types plausibly trigger distinct refusal pathways in safety-aligned...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 7:23 p.m.9 views

nimiq-block-production (>=0.1.0 <=0.2.0), nimiq-client (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2026-34066 via nimiq-blockchain (>=0.1.0 <=0.2.0)

nimiq-blockchain CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34066 Source advisory: OSV:GHSA-J99G-7RQW-Q9JG...

5.3CVSS5.8AI score0.00242EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 7:13 p.m.11 views

nimiq-accounts (>=0.1.0 <=0.2.0), nimiq-block-production (>=0.1.0 <=0.2.0) +11 more potentially affected by CVE-2026-33471 via nimiq-block (>=0.1.0 <=0.2.0)

nimiq-block CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-33471 Source advisory: OSV:GHSA-6973-8887-87FF...

9.6CVSS5.8AI score0.00217EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/22 7:13 p.m.29 views

CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

9.6CVSS0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 8:17 p.m.14 views

CVE-2026-40880

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

8.1CVSS0.00261EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 7:18 p.m.3 views

CVE-2026-40880 Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

7.2CVSS6AI score0.00261EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 7:18 p.m.25 views

CVE-2026-40880

The CVE-2026-40880 issue affects Zebra (Zcash node) prior to Zebrad 4.3.1 and zebra-consensus 5.0.2. A logic error in Zebra’s transaction verification cache allowed a malicious miner to exploit height-dependent validity (e.g., an expiry height or upgrade) by submitting a transaction valid at heig...

8.1CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder