Connect with us
Active Currencies 16227
Market Cap $3,477,316,296,822.90
Bitcoin Share 55.02%
24h Market Cap Change $-4.32

Zcash rectifies vulnerabilities by re-releasing version 2.0.7-3 of Zcashd

2min Read

Share this article

The recent crash in the cryptocurrency market pushed several currencies down to their yearly lows. Privacy-focused coin, Zcash, was one of them as the coin recorded a yearly low of $35.38 on 27 September. At the time of writing, ZEC stood 29th on CoinMarketCap and was valued at $37.72, recording a 1.12% drop in its price over the last 24 hours.

In a recent update, the creator of the privacy-based altcoin, Electronic Coin Company [ECC], published a report revealing the release of version 2.0.7-3 of Zcashd. The company had previously released the same version. However, Florian Tramèr, Dan Boneh, and Kenneth G. Paterson had pointed out several issues pertaining to the said version. The trio had classified the same into two vulnerabilities, Reject and Ping. The latest available version of Zcashd is meant to address these very vulnerabilities.

As per ECC’s blog post, the Reject vulnerability, which was later named CVE-2019-16930, posed a threat to sapling addresses. This vulnerability is caused due to an “unhandled exception” in the wallet processing code. However, Zcashd fixed the same by altering the code to handle the exception. The ECC also wrote that it hadn’t encountered a problem like this.

The Ping vulnerability acted as intimidation to both sapling and sprout addresses and was labeled as CVE-2019-17048. This vulnerability is mainly prompted by the internal wallet code that processes new transactions, in line with the network code. The post further suggested that potential attackers would be able to derive the relationship between the transaction and the node, without the use of the victim’s address. Furthermore, the post read,

“The timing of the victim node’s response to the attacker’s probing transaction is enough for the attacker to determine if the victim peer has the viewing key loaded.”

Zcashd 2.0.7-3 now shelters a modified code that would yield wallet processing of new transactions on another thread. In an effort to avoid any compromise of privacy, logfile shrinking has been disabled in the latest version.

The Electronic Coin Company went on to ask users to upgrade to the fixed version, as the same has been made available.

Share

Biraajmaan is a full-time journalist at AMBCrypto covering the US market. A graduate in Automobile engineering, he writes mainly about regulations and its impact with a focus on technological advancements in the crypto space.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.