Nixpkgs security tracker
9.2 CRITICAL
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): High (H)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): High (H)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): High (H)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): High (H)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcashd nodes do not. This issue has been patched in version 4.4.0.
References
-
https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-jv4h-j224-23cc x_refsource_CONFIRM
-
https://github.com/ZcashFoundation/zebra/releases/tag/v4.4.0 x_refsource_MISC
Affected products
- ==< 4.4.0
Matching in nixpkgs
pkgs.typstPackages.zebra
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.python312Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python313Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python314Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.typstPackages.zebra-notes
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
pkgs.typstPackages.zebra_0_1_0
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw_0_1_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_2_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_3_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_6
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_7
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_8
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebra-notes_0_1_0
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
Package maintainers
-
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang