Zcash Releases Software Fix After Denial-of-Service Bug Discovery
The development team behind the zcash project has released a new software update following the discovery of a denial-of-service vulnerability.
The development team behind the zcash project has released a new software update following the discovery of a denial-of-service vulnerability.
In a new blog post, developers Zooko Wilcox and Paige Peterson detailed how the bug could enable an attacker to crash a zcash node remotely by sending a certain kind of transaction.
The bug was traced to a change included in the project’s 1.0.4 release, related to how transactions are given priority in a node’s mempool. Word first emerged that a vulnerability had been discovered on Wednesday.
The post explained:
Zcash published an update addressing the bug, advising users to upgrade in order to eliminate the remote-crash risk. The team behind the project also said that, should signs emerge that an attack attempt is being made, it would issue alerts and coordinate with related services on a response.
STORY CONTINUES BELOW
Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company.
Image via Shutterstock