Lucene search
K

573 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 3:6 p.m.16 views

CVE-2026-41585 ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:5 p.m.32 views

CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:5 p.m.11 views

CVE-2026-41584

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:5 p.m.14 views

CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:5 p.m.8 views

EUVD-2026-28654

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:5 p.m.18 views

CVE-2026-41584

ZEBRA (the Zebra node implementation for Zcash) is affected by CVE-2026-41584 due to the rk field in Orchard transactions. Prior to zebrad 4.3.1 and zebra-chain 6.0.2, an identity value for rk (the randomized validating key and elliptic-curve point) could trigger a panic in the orchard crate used...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/05/08 2:55 p.m.35 views

CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 2:55 p.m.19 views

CVE-2026-41583

ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling (CVE-2026-41583). Zebra, a Rust-based Zcash node, failed after a refactor to validate sighash hash-type limits for V5 (NU5) and V4 transactions. This could allow Zebra to accept/mined blocks that zcashd would reject, causing a ...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:55 p.m.6 views

CVE-2026-41583

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 2:55 p.m.13 views

CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.7AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from excessive buffer sizes allocated for multiple inbound deserialization paths, which could allow attackers t...

5.3CVSS5.9AI score0.00362EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities; these vulnerabilities stemmed from the block verifier underestimating the number of transparent signature operations, which could lead to...

9.2CVSS5.8AI score0.00283EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.13 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained a security vulnerability. This vulnerability occurred when the rk field in Orchard transactions was set to an identity value, causing the Orchard crate to crash and...

9.2CVSS5.8AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of sighash hash types for V5 transactions and the standard hash type used for V4 transactions, whi...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.7 views

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained a security vulnerability, which was caused by a combined denial-of-service vulnerability in the block discovery pipeline. This vulnerability could allow...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

zebra 数据伪造问题漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There were security vulnerabilities in versions 2.2.0 to 4.3.1 of Zebra. These vulnerabilities stemmed from the JSON-RPC HTTP middleware disconnecting connections when the request body was not fully received,...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39149

Name of the Vulnerable Software and Affected Versions ZEBRA versions prior to 4.4.0 Description A composite denial-of-service issue in the block discovery pipeline allows an unauthenticated remote attacker to permanently stop all new block discovery on a targeted node. The attack leverages three...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/07 9:2 p.m.13 views

Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs

Zebra Transparent SIGHASHSINGLE Corresponding-Output Handling Diverges From zcashd Summary For V5+ transparent spends, Zebra and zcashd disagree on the same consensus rule: SIGHASHSINGLE must fail when the input index has no corresponding output. zcashd treats this as consensus-invalid under...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 8:56 p.m.6 views

GHSA-GQ4H-3GRW-2RHV Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...

9.3CVSS5.9AI score0.00188EPSS
Exploits0References4
Rows per page
Query Builder