Nixpkgs security tracker
8.7 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent weaknesses in the gossip, syncer, and download subsystems — all exercisable from a single TCP connection — to create a monotonically growing block deficit that never self-heals. This issue has been patched in version 4.4.0.
References
-
https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-h9hm-m2xj-4rq9 x_refsource_CONFIRM
Affected products
- ==< 4.4.0
Matching in nixpkgs
pkgs.typstPackages.zebra
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.python312Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python313Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.python314Packages.zebrafy
Python library for converting PDF and images to and from Zebra Programming Language
pkgs.typstPackages.zebra-notes
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
pkgs.typstPackages.zebra_0_1_0
A QR code and Data Matrix generator using Typst native rendering
pkgs.typstPackages.zebraw_0_1_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_2_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_3_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_6
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_7
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_4_8
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_2
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_3
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_4
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_5_5
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_0
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebraw_0_6_1
A lightweight and fast package for displaying code blocks with line numbers or highlighting
pkgs.typstPackages.zebra-notes_0_1_0
Elegant, non-intrusive collaborative note-taking and task marking for Typst documents. Features automatic numbering, bilingual support, and automated summary tables
Package maintainers
-
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang