Zebra-Rpc · Zebra-Rpc · CVE-2026-41585
**Name of the Vulnerable Software and Affected Versions**
zebrad versions 2.2.0 through 4.3.0
zebra-rpc versions 1.0.0-beta.45 through 6.0.1
**Description**
A flaw in the JSON-RPC HTTP middleware allows an authenticated RPC client to cause a node crash. The issue occurs when a client disconnects before the request body is fully received, such as by resetting the TCP connection mid-transfer. The node incorrectly treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of returning an error response, resulting in a Denial of Service (DoS). This can be exploited by clients with valid RPC credentials or on nodes where cookie authentication is disabled and the RPC interface is exposed.
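The failure mode described above, as an added example that is not Zebra's code: a body reader that fails mid-transfer, handled once as a fatal error and once as a per-request error response. All names (`ResetBody`, `sample`, `read_body_fatal`, `handle_request`, `MAX_BODY`) and the sample request are constructed for illustration, and the process abort is modelled here as a panic.

```rust
use std::io::{self, Read};

const MAX_BODY: u64 = 1 << 20; // assumed request size cap

/// Constructed body: the peer resets the connection after `sent` bytes.
struct ResetBody { data: Vec<u8>, pos: usize, sent: usize }

impl Read for ResetBody {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let end = self.sent.min(self.data.len());
        if self.pos >= end && end < self.data.len() {
            return Err(io::Error::new(io::ErrorKind::ConnectionReset, "peer reset"));
        }
        let n = buf.len().min(end - self.pos);
        buf[..n].copy_from_slice(&self.data[self.pos..self.pos + n]);
        self.pos += n;
        Ok(n)
    }
}

/// Constructed JSON-RPC request, delivered up to `sent` bytes.
fn sample(sent: usize) -> ResetBody {
    let data = br#"{"jsonrpc":"2.0","method":"example","id":1}"#.to_vec();
    ResetBody { data, pos: 0, sent }
}

#[derive(Debug, PartialEq)]
struct Response { status: u16, body: String }

/// Fatal pattern (modelled as a panic): one bad connection stops the process.
fn read_body_fatal(mut body: impl Read) -> Vec<u8> {
    let mut buf = Vec::new();
    body.read_to_end(&mut buf).expect("failed to read request body");
    buf
}

/// Hardened pattern: the failure becomes an error response for that request only.
fn handle_request(body: impl Read) -> Response {
    let mut buf = Vec::new();
    match body.take(MAX_BODY).read_to_end(&mut buf) {
        Ok(n) => Response { status: 200, body: format!("read {} bytes", n) },
        Err(e) => Response { status: 400, body: format!("body read failed: {:?}", e.kind()) },
    }
}

fn main() {
    println!("{} bytes via fatal reader", read_body_fatal(sample(usize::MAX)).len());
    println!("{:?}", handle_request(sample(usize::MAX)));
    println!("{:?}", handle_request(sample(10))); // reset after 10 bytes
}
```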
**Recommendations**
Update zebrad to version 4.3.1.
Update zebra-rpc to version 6.0.2.
Ensure the RPC port is not exposed to untrusted networks and keep cookie authentication enabled.