573 matches found
GHSA-XVJ8-PH7X-65GF Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks
CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...
Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks
CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...
PT-2026-37131
A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...
PT-2026-33599
CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion Summary When deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB message size limit. This is much larger th...
PT-2026-33597
Name of the Vulnerable Software and Affected Versions Zebra versions prior to 4.3.1 Description A logic error in the transaction verification cache allows a malicious miner to induce a consensus split. The issue stems from a performance optimization that skips transaction validation if the...
PT-2026-37130
rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...
CVE-2026-34377
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
CVE-2026-34202
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34377
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
CVE-2026-34202
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
CVE-2026-34377
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...
CVE-2026-34377
ZEBRA (Zcash node, Zebra) contains a consensus-failure vulnerability in its handling of V5 transactions. Before zebrad v4.3.0 and zebra-consensus v5.0.1, a logic error in the transaction verification cache could let a malicious miner craft a block with an invalid authorization data set but a matc...
CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34202
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34202
ZEBRA (Zcash node) has a vulnerability in its transaction processing logic that can crash a remote, unauthenticated Zebra node by sending a crafted V5 transaction. The issue affects zebrad before version 4.3.0 and zebra-chain before 6.0.1, where transaction ID calculation can panic after successf...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There is a security vulnerability in Zebra, which stems from vulnerabilities in the transaction processing logic of Zebra. This vulnerability could allow remote, unauthenticated attackers to cause Zebra nodes t...
zebra 数据伪造问题漏洞
Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Zebra has a vulnerability related to data forgery, which stems from logical errors in the transaction verification cache. This vulnerability could allow malicious miners to manipulate consensus...