The Zcash Foundation has released an emergency security update for Zebra 4.5.0, fixing multiple consensus-level vulnerabilities

The Zcash Foundation has released the node client Zebra version 4.5.0 update, which includes multiple security fixes, including a critical consensus vulnerability and several high-risk denial of service (DoS) issues. All node operators are strongly advised to upgrade immediately.

It is reported that this core fix includes a sigop counting error caused by P2SH script parsing (which may lead to a consensus fork with zcashd), a defect in the NU5 block validation cache logic, a risk of transparent address balance overflow crashes, as well as multiple crashes and resource exhaustion vulnerabilities in RPC interfaces and memory pool handling. Additionally, some vulnerabilities can be exploited by malicious nodes, leading to node freezes, reboot loops, or even permanent shutdowns.