VYPR
Unrated severityOSV Advisory· Published Mar 27, 2019· Updated Aug 4, 2024

CVE-2019-7167

CVE-2019-7167

Description

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zcash/ZcashOSV2 versions
    bitcoin-v0.11.2, v0.11.2.z0, v0.11.2.z1, …+ 1 more
    • (no CPE)range: bitcoin-v0.11.2, v0.11.2.z0, v0.11.2.z1, …
    • (no CPE)range: < 2018-10-28 (Sapling network upgrade)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.