22 matches found
CVE-2026-44500
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...
PT-2026-38620
CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...
CVE-2019-11636
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack...
CVE-2019-7167
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
EUVD-2019-16716
Malware in sbrugna...
EUVD-2019-3306
Malware in sbrugna...
MAL-2024-2983 Malicious code in sapling-output-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a9881410b4e7132728272d0e75bae0fdd73429bc2b8a936a6e723a03d61efc7e The OpenSSF Package Analysis project identified 'sapling-output-plugin' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in sapling-output-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a9881410b4e7132728272d0e75bae0fdd73429bc2b8a936a6e723a03d61efc7e The OpenSSF Package Analysis project identified 'sapling-output-plugin' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
Malicious Package
Overview sapling-output-plugin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
CVE-2019-11636
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack...
Design/Logic Flaw
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack...
CVE-2019-11636
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack...
CVE-2019-11636
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack...
CVE-2019-11636
Technical details about CVE-2019-11636 are not publicly provided in the supplied documents. Monitoring for updated advisories is advised; current sources describe a Sapling Wood-Chipper-like attack on Zcash 2.x but do not reveal affected versions, impact specifics, or fixes.
CVE-2019-7167
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
Design/Logic Flaw
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
CVE-2019-7167
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
CVE-2019-7167
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
CVE-2019-7167
CVE-2019-7167 concerns Zcash prior to the Sapling upgrade (2018-10-28), where a flaw in the key-generation process during polynomial evaluation allowed bypass elements to defeat a consistency check. This could enable a cheating prover to transform a proof of one statement into a seemingly valid p...