Vulnerabilities > CVE-2019-7167 - Improper Check for Unusual or Exceptional Conditions vulnerability in Z.Cash Zcash

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

z-cash

CWE-754

NVD

Published: 2019-03-27

Updated: 2024-11-21

Summary

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

Vulnerable Configurations

Part	Description	Count
Application	Z.Cash Z.Cash Zcash 0.11.2.Z0 Z.Cash Zcash 0.11.2.Z1 Z.Cash Zcash 0.11.2.Z2 Z.Cash Zcash 0.11.2.Z3 Z.Cash Zcash 0.11.2.Z4 Z.Cash Zcash 0.11.2.Z5 Z.Cash Zcash 0.11.2.Z6 Z.Cash Zcash 0.11.2.Z7 Z.Cash Zcash 0.11.2.Z8 Z.Cash Zcash 0.11.2.Z9 Z.Cash Zcash 1.0.0 Z.Cash Zcash 1.0.1 Z.Cash Zcash 1.0.2 Z.Cash Zcash 1.0.3 Z.Cash Zcash 1.0.4 Z.Cash Zcash 1.0.5 Z.Cash Zcash 1.0.6 Z.Cash Zcash 1.0.7 Z.Cash Zcash 1.0.7-1 Z.Cash Zcash 1.0.8 Z.Cash Zcash 1.0.8-1 Z.Cash Zcash 1.0.9 Z.Cash Zcash 1.0.10 Z.Cash Zcash 1.0.10-1 Z.Cash Zcash 1.0.11 Z.Cash Zcash 1.0.12 Z.Cash Zcash 1.0.13 Z.Cash Zcash 1.0.14 Z.Cash Zcash 1.0.15 Z.Cash Zcash 1.1.0 Z.Cash Zcash 1.1.1 Z.Cash Zcash 1.1.2 Z.Cash Zcash 2.0.0 Z.Cash Zcash 2.0.1	52

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References