Zcash PING vulnerability. Affects both Sapling and Sprout addresses, and is caused by the internal wallet code processing new transactions inline with the network code. An attacker could also forward a transaction from another node to the victim and learn the association between that transaction and the node without knowing the address. The timing of the victim node’s response to the attacker’s probing transaction is enough for the attacker to determine if the victim peer has the viewing key loaded. We fixed this in Zcashd 2.0.7-3 by changing the code to defer wallet processing of new transactions to another thread.
Vulmon