SB2026051170 - Use-after-free in Zcash

Description

This security bulletin contains information about 1 vulnerability.

1) Use-after-free (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a denial of service and potentially execute arbitrary code.

The vulnerability exists due to use-after-free in zcashd::ConnectBlock when processing a crafted block message that triggers an early return after script verification work has been queued. A remote attacker can send a specially crafted block to cause a denial of service and potentially execute arbitrary code.

The issue affects multi-threaded script verification configurations where worker threads may still dereference PrecomputedTransactionData after the backing vector has been destroyed.

Remediation

Install update from vendor's website.

References

• https://github.com/zcash/zcash/security/advisories/GHSA-fqr9-fxpx-rfpf
• https://github.com/advisories/GHSA-fqr9-fxpx-rfpf