Skip to main content

Zcash

3 CVEs product

Monthly

CVE-2019-16930 MEDIUM PATCH This Month

Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Zcash
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-11636 HIGH This Week

Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zcash
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-7167 HIGH This Week

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zcash
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Zcash
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zcash
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zcash
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy