In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade zebra-state to version 7.0.0 or higher.
Affected versions of this package are vulnerable to Incomplete Cleanup through the non_finalized_block_write_sent_hashes process. An attacker can cause a node to become permanently stalled at a specific block height by delivering a poisoned block body with a duplicate header hash before the valid canonical block arrives. This prevents the node from advancing, causing it to diverge from the network tip and impacting downstream consumers. This is only exploitable if the node accepts inbound P2P connections and processes blocks past the checkpoint height, which are default configurations.
This vulnerability can be mitigated by reducing the node's inbound peer count to narrow the attack surface or by restarting the node to clear the in-memory cache.