CVE-2019-7167

7.5 HIGH

📋 TL;DR

This vulnerability allowed attackers to create counterfeit Zcash cryptocurrency by bypassing cryptographic proof verification in the Sprout protocol. It affected all Zcash users and nodes running software before the Sapling network upgrade. The flaw enabled cheating provers to generate fake proofs that would be accepted as valid transactions.

💻 Affected Systems

Products:
  • Zcash
Versions: All versions before the Sapling network upgrade (before 2018-10-28)
Operating Systems: All platforms running Zcash software
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability was in the Sprout protocol implementation; all Zcash nodes and wallets using Sprout addresses were affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Massive inflation of Zcash supply through unlimited counterfeiting, complete loss of trust in the cryptocurrency, and total devaluation of ZEC tokens.

🟠 Likely Case

Targeted counterfeiting by sophisticated attackers leading to market manipulation, theft from exchanges, and erosion of confidence in Zcash's security.

🟢 If Mitigated

No impact for properly upgraded systems; legacy systems remain vulnerable to counterfeiting attacks.

🌐 Internet-Facing: HIGH - Cryptocurrency nodes are inherently internet-facing and process transactions from untrusted sources.
🏢 Internal Only: LOW - The vulnerability is specific to Zcash's proof verification system, not internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires deep understanding of zk-SNARK cryptography and the specific bypass elements. No public exploits have been documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Sapling network upgrade (2018-10-28) and later

Vendor Advisory: https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/

Restart Required: Yes

Instructions:

1. Upgrade to Zcash software version supporting Sapling protocol (v2.0.0 or later).
2. Migrate all funds from Sprout addresses to Sapling addresses.
3. Ensure network consensus is on Sapling protocol.

🔧 Temporary Workarounds

Disable Sprout transactions

all

Configure node to reject Sprout protocol transactions

zcashd -disablesprout

🧯 If You Can't Patch

  • Migrate all funds to Sapling addresses immediately
  • Discontinue use of vulnerable Zcash software and switch to updated version

🔍 How to Verify

Check if Vulnerable:

Check if Zcash software version is before 2.0.0 or if node is still processing Sprout transactions

Check Version:

zcash-cli getinfo | grep version

Verify Fix Applied:

Verify software version is 2.0.0 or later and confirm all funds are in Sapling addresses

📡 Detection & Monitoring

Log Indicators:

  • Unusual Sprout transaction patterns
  • Multiple successful large-value Sprout transactions from single source

Network Indicators:

  • Abnormal increase in Sprout transaction volume
  • Suspicious proof generation patterns

SIEM Query:

zcash_logs WHERE transaction_type='sprout' AND value>threshold
