Zcash Foundation: Releases Zebra 4.4.0, Fixes Multiple Consensus-Level Security Vulnerabilities, Urges Immediate Node Upgrade

Odaily reports that the Zcash Foundation has officially announced the release of Zebra 4.4.0. This update fixes multiple critical consensus-level security vulnerabilities and strongly recommends that all node operators upgrade immediately. The fixes include a denial-of-service vulnerability that could permanently halt the discovery of new blocks, a consensus divergence issue caused by incorrect block signature operation (sigops) counting, abnormal handling of transparent transaction signature hashes, and risks of memory allocation amplification attacks.

The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially leading to chain forks. Without a timely update, nodes face risks such as interrupted block discovery, consensus forks, and amplified resource consumption, and there is currently no alternative mitigation solution available.