Zcashd
Monthly
Zcash zcashd before version 6.12.0 fails to properly verify Sprout zero-knowledge proofs under certain conditions, allowing authenticated attackers to submit invalid transactions that could drain funds from the Sprout shielded pool. The vulnerability requires authenticated access and complex conditions to exploit, resulting in a low CVSS score of 3.5 despite the potential financial impact. No public exploit code or active exploitation has been confirmed.
Zcash zcashd before version 6.12.0 fails to properly verify Sprout zero-knowledge proofs under certain conditions, allowing authenticated attackers to submit invalid transactions that could drain funds from the Sprout shielded pool. The vulnerability requires authenticated access and complex conditions to exploit, resulting in a low CVSS score of 3.5 despite the potential financial impact. No public exploit code or active exploitation has been confirmed.