7 matches found
CVE-2026-40880 Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...
CVE-2026-40880
The CVE-2026-40880 issue affects Zebra (Zcash node) prior to Zebrad 4.3.1 and zebra-consensus 5.0.2. A logic error in Zebra’s transaction verification cache allowed a malicious miner to exploit height-dependent validity (e.g., an expiry height or upgrade) by submitting a transaction valid at heig...
CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
zebra 数据伪造问题漏洞
Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Zebra has a vulnerability related to data forgery, which stems from logical errors in the transaction verification cache. This vulnerability could allow malicious miners to manipulate consensus...
PT-2026-29168
--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...
DSA-2790-1 nss - uninitialized memory read
Bulletin has no description...