VYPR

Zcashd

by Electric Coin Company

CVEs (2)

  • CVE-2020-8806HigFeb 5, 2021
    risk 0.49cvss 7.5epss 0.01

    Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.

  • CVE-2020-8807MedFeb 5, 2021
    risk 0.35cvss 5.3epss 0.01

    In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel.