
Robustfengbin

#27757 of 53,622
9.2 Total CVSS
Vulnerabilities · 1
PT-2026-28604
9.2
2026-03-27
Zebra · Zebra · CVE-2026-34202
**Name of the Vulnerable Software and Affected Versions**
Zebra versions prior to 4.3.0

**Description**
A flaw exists in Zebra’s transaction processing logic that allows a remote, unauthenticated attacker to cause a Zebra node to crash. This is triggered by sending a specially crafted V5 transaction that passes initial deserialization but fails during transaction ID calculation. The issue stems from Zebra lazily validating transaction fields. An attacker can trigger this crash by sending a single crafted `tx` message to a Zebra node's public P2P port or via the `sendrawtransaction` API endpoint. The `PushTransaction` messages with malformed V5 transactions are successfully deserialized as the `zebra-chain` `Transaction` type.

**Recommendations**
Upgrade to Zebra version 4.3.0 or later immediately. If an immediate upgrade is not possible, ensure the RPC port is not exposed to the Internet. Restrict the P2P port to trusted peers to fully mitigate the risk.