Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-7167

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2019-7167
  • Z.cash » Zcash » Version: 0.11.2.z0
    cpe:2.3:a:z.cash:zcash:0.11.2.z0
  • Z.cash » Zcash » Version: 0.11.2.z1
    cpe:2.3:a:z.cash:zcash:0.11.2.z1
  • Z.cash » Zcash » Version: 0.11.2.z2
    cpe:2.3:a:z.cash:zcash:0.11.2.z2
  • Z.cash » Zcash » Version: 0.11.2.z3
    cpe:2.3:a:z.cash:zcash:0.11.2.z3
  • Z.cash » Zcash » Version: 0.11.2.z4
    cpe:2.3:a:z.cash:zcash:0.11.2.z4
  • Z.cash » Zcash » Version: 0.11.2.z5
    cpe:2.3:a:z.cash:zcash:0.11.2.z5
  • Z.cash » Zcash » Version: 0.11.2.z6
    cpe:2.3:a:z.cash:zcash:0.11.2.z6
  • Z.cash » Zcash » Version: 0.11.2.z7
    cpe:2.3:a:z.cash:zcash:0.11.2.z7
  • Z.cash » Zcash » Version: 0.11.2.z8
    cpe:2.3:a:z.cash:zcash:0.11.2.z8
  • Z.cash » Zcash » Version: 0.11.2.z9
    cpe:2.3:a:z.cash:zcash:0.11.2.z9
  • Z.cash » Zcash » Version: 1.0.0
    cpe:2.3:a:z.cash:zcash:1.0.0
  • Z.cash » Zcash » Version: 1.0.1
    cpe:2.3:a:z.cash:zcash:1.0.1
  • Z.cash » Zcash » Version: 1.0.10
    cpe:2.3:a:z.cash:zcash:1.0.10
  • Z.cash » Zcash » Version: 1.0.10-1
    cpe:2.3:a:z.cash:zcash:1.0.10-1
  • Z.cash » Zcash » Version: 1.0.11
    cpe:2.3:a:z.cash:zcash:1.0.11
  • Z.cash » Zcash » Version: 1.0.12
    cpe:2.3:a:z.cash:zcash:1.0.12
  • Z.cash » Zcash » Version: 1.0.13
    cpe:2.3:a:z.cash:zcash:1.0.13
  • Z.cash » Zcash » Version: 1.0.14
    cpe:2.3:a:z.cash:zcash:1.0.14
  • Z.cash » Zcash » Version: 1.0.15
    cpe:2.3:a:z.cash:zcash:1.0.15
  • Z.cash » Zcash » Version: 1.0.2
    cpe:2.3:a:z.cash:zcash:1.0.2
  • Z.cash » Zcash » Version: 1.0.3
    cpe:2.3:a:z.cash:zcash:1.0.3
  • Z.cash » Zcash » Version: 1.0.4
    cpe:2.3:a:z.cash:zcash:1.0.4
  • Z.cash » Zcash » Version: 1.0.5
    cpe:2.3:a:z.cash:zcash:1.0.5
  • Z.cash » Zcash » Version: 1.0.6
    cpe:2.3:a:z.cash:zcash:1.0.6
  • Z.cash » Zcash » Version: 1.0.7
    cpe:2.3:a:z.cash:zcash:1.0.7
  • Z.cash » Zcash » Version: 1.0.7-1
    cpe:2.3:a:z.cash:zcash:1.0.7-1
  • Z.cash » Zcash » Version: 1.0.8
    cpe:2.3:a:z.cash:zcash:1.0.8
  • Z.cash » Zcash » Version: 1.0.8-1
    cpe:2.3:a:z.cash:zcash:1.0.8-1
  • Z.cash » Zcash » Version: 1.0.9
    cpe:2.3:a:z.cash:zcash:1.0.9
  • Z.cash » Zcash » Version: 1.1.0
    cpe:2.3:a:z.cash:zcash:1.1.0
  • Z.cash » Zcash » Version: 1.1.1
    cpe:2.3:a:z.cash:zcash:1.1.1
  • Z.cash » Zcash » Version: 1.1.2
    cpe:2.3:a:z.cash:zcash:1.1.2
  • Z.cash » Zcash » Version: 2.0.0
    cpe:2.3:a:z.cash:zcash:2.0.0
  • Z.cash » Zcash » Version: 2.0.1
    cpe:2.3:a:z.cash:zcash:2.0.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved