Lucene search
K

573 matches found

osv
osv
added 2026/04/18 12:41 a.m.4 views

GHSA-XVJ8-PH7X-65GF Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References3
github
github
added 2026/04/18 12:41 a.m.11 views

Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...

8.1CVSS5.8AI score0.00261EPSS
Exploits0References3Affected Software2
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.13 views

PT-2026-37131

A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.9 views

PT-2026-33599

CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion Summary When deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB message size limit. This is much larger th...

6.3CVSS5.7AI score0.00263EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.9 views

PT-2026-33597

Name of the Vulnerable Software and Affected Versions Zebra versions prior to 4.3.1 Description A logic error in the transaction verification cache allows a malicious miner to induce a consensus split. The issue stems from a performance optimization that skips transaction validation if the...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.20 views

PT-2026-37130

rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...

9.2CVSS5.8AI score0.00268EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/01 5:3 p.m.4 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/01 5:3 p.m.4 views

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2CVSS5.8AI score0.00725EPSS
Exploits0References1
nvd
nvd
added 2026/03/31 3:16 p.m.9 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS0.00255EPSS
Exploits1References3
nvd
nvd
added 2026/03/31 3:16 p.m.4 views

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2CVSS0.00725EPSS
Exploits0References3
osv
osv
added 2026/03/31 2:5 p.m.5 views

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/03/31 2:5 p.m.6 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References4Affected Software2
cve
cve
added 2026/03/31 2:5 p.m.15 views

CVE-2026-34377

ZEBRA (Zcash node, Zebra) contains a consensus-failure vulnerability in its handling of V5 transactions. Before zebrad v4.3.0 and zebra-consensus v5.0.1, a logic error in the transaction verification cache could let a malicious miner craft a block with an invalid authorization data set but a matc...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References3Affected Software2
vulnrichment
vulnrichment
added 2026/03/31 2:2 p.m.1 views

CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2CVSS5.8AI score0.00725EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/31 2:2 p.m.26 views

CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2CVSS0.00725EPSS
Exploits0References3
osv
osv
added 2026/03/31 2:2 p.m.5 views

CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2CVSS5.8AI score0.00725EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/03/31 2:2 p.m.7 views

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2CVSS5.8AI score0.00725EPSS
Exploits0References4Affected Software2
cve
cve
added 2026/03/31 2:2 p.m.23 views

CVE-2026-34202

ZEBRA (Zcash node) has a vulnerability in its transaction processing logic that can crash a remote, unauthenticated Zebra node by sending a crafted V5 transaction. The issue affects zebrad before version 4.3.0 and zebra-chain before 6.0.1, where transaction ID calculation can panic after successf...

9.2CVSS5.8AI score0.00725EPSS
Exploits0References3Affected Software2
cnnvd
cnnvd
added 2026/03/31 12:0 a.m.8 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There is a security vulnerability in Zebra, which stems from vulnerabilities in the transaction processing logic of Zebra. This vulnerability could allow remote, unauthenticated attackers to cause Zebra nodes t...

9.2CVSS5.8AI score0.00725EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/31 12:0 a.m.12 views

zebra 数据伪造问题漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Zebra has a vulnerability related to data forgery, which stems from logical errors in the transaction verification cache. This vulnerability could allow malicious miners to manipulate consensus...

8.4CVSS5.8AI score0.00255EPSS
Exploits1References3
Rows per page
Query Builder