CVE-2019-7167

Published: Mar 27, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

Affected (1)

Products: Z.cash: Zcash

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Z.cash Zcash	Up to 2.0.1

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (6)

http://fortune.com/2019/02/05/zcash-vulnerability-cryptocurrency/

Source: cve@mitre.org

Press/Media CoverageThird Party Advisory

https://github.com/JinBean/CVE-Extension

Source: cve@mitre.org

https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/

Source: cve@mitre.org

Vendor Advisory

http://fortune.com/2019/02/05/zcash-vulnerability-cryptocurrency/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageThird Party Advisory

https://github.com/JinBean/CVE-Extension

Source: af854a3a-2127-422b-91ae-364da2661108

https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.