Vulnerabilities > CVE-2019-16930 - Improper Handling of Exceptional Conditions vulnerability in Z.Cash Zcash
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://duke.leto.net/2019/10/01/zcash-metadata-leakage-cve-2019-16930.html
- http://duke.leto.net/2019/10/01/zcash-metadata-leakage-cve-2019-16930.html
- https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d
- https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d
- https://github.com/zcash/zcash/releases/tag/v2.0.7-3
- https://github.com/zcash/zcash/releases/tag/v2.0.7-3
- https://z.cash/support/security/announcements/security-announcement-2019-09-24/
- https://z.cash/support/security/announcements/security-announcement-2019-09-24/