TechFlow News, May 29: The Zcash Foundation released version 4.5.0 of its node client Zebra. This release includes multiple security fixes, among them a consensus-critical vulnerability and several high-severity denial-of-service (DoS) issues, and all node operators are strongly advised to upgrade immediately.
Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a caching logic flaw in NU5 block validation, a potential crash due to transparent address balance overflow, and multiple vulnerabilities in RPC interfaces and mempool handling leading to crashes and resource exhaustion. Some of these vulnerabilities can be exploited by malicious nodes to stall nodes, trigger restart loops, or even cause permanent shutdown.




