Nixpkgs security tracker
9.2 CRITICAL
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): High (H)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
ZEBRA: rk Identity Point Panic in Transaction Verification
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "zero" value), however, the orchard crate which is used to verify Orchard proofs would panic when fed a rk with the identity value. Thus an attacker could send a crafted transaction that would make a Zebra node crash. This issue has been patched in zebrad version 4.3.1 and zebra-chain version 6.0.2.
References
-
https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-452v-w3gx-72wg x_refsource_CONFIRM
Affected products
- ==zebrad < 4.3.1
- ==zebra-chain < 6.0.2
Matching in nixpkgs
pkgs.typstPackages.zebra
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.python312Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python313Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python314Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.typstPackages.zebra-notes
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
pkgs.typstPackages.zebra_0_1_0
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw_0_1_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_2_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_3_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_6
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_7
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_8
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebra-notes_0_1_0
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
Package maintainers
-
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang