CVE Vulnerability

CVE-2019-16930

Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d Patch Third Party Advisory
https://z.cash/support/security/announcements/security-announcement-2019-09-24/ Vendor Advisory
https://github.com/zcash/zcash/releases/tag/v2.0.7-3 Third Party Advisory
http://duke.leto.net/2019/10/01/zcash-metadata-leakage-cve-2019-16930.html Mitigation Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:z.cash:zcash:*:*:*:*:*:*:*:*
Information

Published : 2019-09-28 10:15

Updated : 2019-10-04 03:58

NVD link : CVE-2019-16930

Mitre link : CVE-2019-16930

Products Affected
No products.
CWE
CWE-755