How severe is CVE-2019-7167?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-7167?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2019-7167 - HIGH Severity | CVSS 7.5

Vulnerability Description

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

Related Vulnerabilities

CVE-2016-8209

HIGH

CVSS:7.5(High)

Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allo...

CWE-7542016

CVE-2017-10894

HIGH

CVSS:7.5(High)

StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

CWE-7542017

CVE-2017-10895

HIGH

CVSS:7.5(High)

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

CWE-7542017

CVE-2017-11144

HIGH

CVSS:7.5(High)

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of t...

CWE-7542017

CVE-2017-12119

HIGH

CVSS:7.5(High)

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An a...

CWE-7542017

CVE-2017-17083

HIGH

CVSS:7.5(High)

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginnin...

CWE-7542017