Lucene search
+L

583 matches found

NVD
NVD
added 2026/05/08 3:16 p.m.11 views

CVE-2026-41585

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 3:16 p.m.10 views

CVE-2026-41584

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:11 p.m.56 views

CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

8.7CVSS0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 3:11 p.m.12 views

CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:11 p.m.8 views

CVE-2026-44499

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/08 3:11 p.m.41 views

CVE-2026-44499

ZEBRA (Zcash node, Rust) before 4.4.0 contains a composite DoS in the block discovery pipeline. An unauthenticated remote attacker can, via a single TCP connection, exploit three independent weaknesses in the gossip, syncer, and download subsystems to create a monotonically growing block deficit ...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:11 p.m.3 views

CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

8.7CVSS6AI score0.00351EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:10 p.m.37 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS0.00362EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/08 3:10 p.m.10 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References1
CVE
CVE
added 2026/05/08 3:10 p.m.31 views

CVE-2026-44500

ZCV-64500: Allocation amplification in Zebra inbound deserializers affects Zebra nodes prior to 4.4.0 across zebrad, zebra-chain, and zebra-network. Inbound messages (headers, blocks, transactions) could be deserialized using generic transport or block-size ceilings, causing unauthenticated/post-...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References1Affected Software3
OSV
OSV
added 2026/05/08 3:10 p.m.3 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.9AI score0.00362EPSS
Exploits1References3
CVE
CVE
added 2026/05/08 3:9 p.m.27 views

CVE-2026-44498

CVE-2026-44498 affects ZEBRA (Zcash node written in Rust). Prior to version 4.4.0, Zebra’s block validator undercounted sigops, specifically: (A) Coinbase legacy sigops were not charged, hiding up to ~98 sigops, and (B) P2SH sigops were not accumulated during block validation. This caused blocks ...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:9 p.m.7 views

CVE-2026-44498

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/08 3:9 p.m.37 views

CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...

9.2CVSS0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 3:9 p.m.7 views

CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 3:9 p.m.2 views

CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...

9.2CVSS5.9AI score0.00283EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 3:8 p.m.66 views

CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:8 p.m.8 views

CVE-2026-44497

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:8 p.m.11 views

CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:8 p.m.33 views

CVE-2026-44497

ZEBRA/ZEC network node software is affected by CVE-2026-44497 due to insufficient error handling when an invalid sighash type is encountered during sighash computation. Prior to zebrad version 4.4.0 and zebra-script version 6.0.0, this could cause the normal flow to resume with the input sighash ...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder