CVE-2019-7167

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
Configurations

Configuration 1 (hide)

cpe:2.3:a:z.cash:zcash:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
References () http://fortune.com/2019/02/05/zcash-vulnerability-cryptocurrency/ - Press/Media Coverage, Third Party Advisory () http://fortune.com/2019/02/05/zcash-vulnerability-cryptocurrency/ - Press/Media Coverage, Third Party Advisory
References () https://github.com/JinBean/CVE-Extension - () https://github.com/JinBean/CVE-Extension -
References () https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/ - Vendor Advisory () https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/ - Vendor Advisory

Information

Published : 2019-03-27 02:29

Updated : 2024-11-21 04:47


NVD link : CVE-2019-7167

Mitre link : CVE-2019-7167

CVE.ORG link : CVE-2019-7167


JSON object : View

Products Affected

z.cash

  • zcash
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions