5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
ZEBRA: Allocation Amplification in Inbound Network Deserializers
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, zebra-chain version 7.0.0, and zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or post-handshake peer could therefore force the node to preallocate for, and parse, orders of magnitude more data than the protocol intended. The affected paths cover headers messages, equihash solutions in block headers, Sapling spend vectors in V5/V4 transactions, and coinbase script bytes in blocks. This issue has been patched in zebrad version 4.4.0, zebra-chain version 7.0.0, and zebra-network version 6.0.0.
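The allocation-ordering problem described above, as an added Rust illustration that is not Zebra's code: a length-prefixed vector decoder that reserves capacity against a generic ceiling, beside one that enforces the tighter limit and the bytes actually received before allocating. The wire format, constant values and function names are assumptions made for the example.

```rust
// Added illustration: constants and wire format are constructed, not Zebra's.
const TRANSPORT_CEILING: usize = 2 * 1024 * 1024; // generic message-size cap (assumed)
const MAX_ITEMS: usize = 160; // tighter protocol limit (assumed)
const ITEM_SIZE: usize = 32; // fixed wire size of one item (assumed)

#[derive(Debug, PartialEq)]
enum DecodeError { Truncated, TooManyItems(usize) }

/// Reads the 4-byte little-endian item count that prefixes the vector.
fn read_count(buf: &[u8]) -> Result<(usize, &[u8]), DecodeError> {
    if buf.len() < 4 { return Err(DecodeError::Truncated); }
    let (head, rest) = buf.split_at(4);
    Ok((u32::from_le_bytes([head[0], head[1], head[2], head[3]]) as usize, rest))
}

/// "Before" pattern: capacity is capped only by the generic ceiling, so the
/// claimed count alone decides how much memory is reserved.
fn preallocate_unpatched(buf: &[u8]) -> Result<Vec<[u8; ITEM_SIZE]>, DecodeError> {
    let (n, _rest) = read_count(buf)?;
    Ok(Vec::with_capacity(n.min(TRANSPORT_CEILING / ITEM_SIZE)))
}

/// Hardened pattern: check the protocol limit and the bytes actually present
/// first, then allocate exactly what will be parsed.
fn decode_items(buf: &[u8]) -> Result<Vec<[u8; ITEM_SIZE]>, DecodeError> {
    let (n, rest) = read_count(buf)?;
    if n > MAX_ITEMS { return Err(DecodeError::TooManyItems(n)); }
    if rest.len() / ITEM_SIZE < n { return Err(DecodeError::Truncated); }
    let mut items = Vec::with_capacity(n);
    for chunk in rest.chunks_exact(ITEM_SIZE).take(n) {
        let mut item = [0u8; ITEM_SIZE];
        item.copy_from_slice(chunk);
        items.push(item);
    }
    Ok(items)
}

fn main() {
    // Constructed input: a count prefix with no items behind it.
    let msg = u32::MAX.to_le_bytes();
    let reserved = preallocate_unpatched(&msg).unwrap().capacity() * ITEM_SIZE;
    println!("unpatched: {} bytes reserved for a {}-byte message", reserved, msg.len());
    println!("hardened:  {:?}", decode_items(&msg));
}
```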
References
- https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-438q-jx8f-cccv x_refsource_CONFIRM
Affected products
- ==zebra-network < 6.0.0
- ==zebra-chain < 7.0.0
- ==zebrad < 4.4.0
Matching in nixpkgs
pkgs.typstPackages.zebra
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.python312Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python313Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python314Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.typstPackages.zebra-notes
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
pkgs.typstPackages.zebra_0_1_0
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw_0_1_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_2_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_3_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_6
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_7
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_8
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebra-notes_0_1_0
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
Package maintainers
- @ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
- @RossSmyth Ross Smyth
- @cherrypiejam Gongqi Huang