CVE-2019-16930

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16930

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16930.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-16930

Published

2019-09-28T22:15:09.857Z

Modified

2026-02-14T07:24:07.855072Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.

References

Affected packages

Git / github.com/zcash/zcash

Affected ranges

Type: GIT
Repo: https://github.com/zcash/zcash
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c1fbf8ab5d73cff5e1f45236995857c75ba4128d

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e3983afc03d256813662aa2cb07fbe1a05b9ab05

Affected versions

bitcoin-v0.*

bitcoin-v0.11.2

v0.*

v0.11.2.z0

v0.11.2.z1

v0.11.2.z2

v0.11.2.z3

v0.11.2.z4

v0.11.2.z5

v0.11.2.z6

v0.11.2.z7

v0.11.2.z8

v0.11.2.z9

v0.9.0rc2

v1.*

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.0.0-rc4

v1.0.1

v1.0.10

v1.0.10-1

v1.0.11

v1.0.11-rc1

v1.0.12

v1.0.12-rc1

v1.0.13

v1.0.13-rc1

v1.0.13-rc2

v1.0.14

v1.0.14-rc1

v1.0.15

v1.0.15-rc1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7-1

v1.0.8

v1.0.8-1

v1.0.9

v1.1.0

v1.1.0-rc1

v1.1.1

v1.1.1-rc1

v1.1.1-rc2

v1.1.2

v1.1.2-rc1

v2.*

v2.0.0

v2.0.0-rc1

v2.0.1

v2.0.1-rc1

v2.0.2

v2.0.2-rc1

v2.0.3

v2.0.3-rc1

v2.0.4

v2.0.4-rc1

v2.0.5

v2.0.5-1

v2.0.5-2

v2.0.5-rc1

v2.0.6

v2.0.6-rc1

v2.0.7

v2.0.7-2

v2.0.7-rc1

zc.*

zc.v0.11.2.z0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16930.json"

vanir_signatures

[
    {
        "digest": {
            "function_hash": "81082098138449732548134005623726196796",
            "length": 671.0
        },
        "signature_version": "v1",
        "target": {
            "file": "src/zcash/Note.cpp",
            "function": "SaplingNotePlaintext::decrypt"
        },
        "signature_type": "Function",
        "id": "CVE-2019-16930-22ef2bea",
        "source": "https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "226413415805767596118391592283434920717",
            "length": 585.0
        },
        "signature_version": "v1",
        "target": {
            "file": "src/zcash/Note.cpp",
            "function": "SaplingNotePlaintext::decrypt"
        },
        "signature_type": "Function",
        "id": "CVE-2019-16930-55fb5273",
        "source": "https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d",
        "deprecated": false
    },
    {
        "digest": {
            "line_hashes": [
                "73458758040443046124580122407287945385",
                "95342543725302552392462330207005166191",
                "338569015563194776666709266388694578267",
                "191487860421057871753813933270403390985",
                "44238610660071775447404839794715411707",
                "36486753304366101197268453869191804664",
                "84626146118490708727224022320579326072",
                "209792595390317872818817214044060373932",
                "217331980017304715365438491509525232714",
                "73458758040443046124580122407287945385",
                "95342543725302552392462330207005166191",
                "293236682108603033514880275442727465318",
                "184548145835460818316123714756850878297",
                "26929394811047353936549775145663041748",
                "234833883886567991443154247070588807811",
                "152652648309849732903093461474099320072",
                "105473171054090208979580222112558053678",
                "73458758040443046124580122407287945385",
                "95342543725302552392462330207005166191",
                "293236682108603033514880275442727465318",
                "184548145835460818316123714756850878297",
                "303924817537138302177377503403421379227",
                "190562178755425538742944193484407493280",
                "295222250789982818101907540096750501670",
                "185310990253975377630052674745026912779",
                "147032117456263578289284128795161813100",
                "2395101524007171883795828184359635277",
                "38954888429297238899312249043551197961"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "src/zcash/Note.cpp"
        },
        "signature_type": "Line",
        "id": "CVE-2019-16930-629e0210",
        "source": "https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "86796552645456208568359934111628771170",
            "length": 386.0
        },
        "signature_version": "v1",
        "target": {
            "file": "src/zcash/Note.cpp",
            "function": "SaplingOutgoingPlaintext::decrypt"
        },
        "signature_type": "Function",
        "id": "CVE-2019-16930-d3f77e7b",
        "source": "https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d",
        "deprecated": false
    }
]