The Zcash Foundation released an emergency security update for Zebra 4.5.0, fixing several consensus-level vulnerabilities.
CoinFeed reported on May 30th that the Zcash Foundation released version 4.5.0 of its node client, Zebra. The release contains several security fixes, among them a critical consensus vulnerability and several high-risk denial-of-service (DoS) issues. All node operators are strongly advised to upgrade immediately. The core fixes cover a sigop counting error caused by P2SH script parsing (potentially leading to a consensus fork with zcashd), a flaw in the NU5 block verification cache logic, a risk of crashes due to transparent address balance overflows, and several crash and resource-exhaustion vulnerabilities in the RPC interfaces and memory pool processing. Furthermore, some of the vulnerabilities can be exploited by malicious nodes to make a node freeze, restart in a loop, or even permanently stop operating.