30 matches found
CVE-2026-41583
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...
CVE-2026-41583
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling (CVE-2026-41583). Zebra, a Rust-based Zcash node, failed after a refactor to validate sighash hash-type limits for V5 (NU5) and V4 transactions. This could allow Zebra to accept/mined blocks that zcashd would reject, causing a ...
CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...
GHSA-8M29-FPQ5-89JJ Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling
CVE-2026-41583: Consensus Divergence in Transparent Sighash Hash-Type Handling Summary After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus...
Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling
CVE-2026-41583: Consensus Divergence in Transparent Sighash Hash-Type Handling Summary After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus...
CVE-2026-35679
Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs...
CVE-2026-35679
CVE-2026-35679 affects Zcash zcashd prior to 6.12.0. The vulnerability allows invalid Sprout transactions to be accepted under certain conditions, potentially draining user funds from the Sprout pool, due to partial or improper verification of Sprout proofs. Impact is described as allowing the ac...
EUVD-2020-29654
Malware in sbrugna...
EUVD-2020-29655
Malware in sbrugna...
EUVD-2019-7423
Malware in sbrugna...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8807
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...
CVE-2019-16930
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party...
CVE-2020-8807
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8807
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...
CVE-2020-8806
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced...
CVE-2020-8807
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...
Code injection
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...