Lucene search

GitHub Advisory DatabaseGHSA-2CHG-86HQ-7W38

HistoryNov 07, 2022 - 12:00 p.m.

btcd mishandles witness size checking

2022-11-0712:00:34

GitHub Advisory Database

github.com

btcd

witness size

checking

lightning labs

lnd

bitcoin-related products

versions before 0.23.2

github.com/btcsuite/btcd/wire

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.6%

JSON

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.

Specific Go Packages Affected

github.com/btcsuite/btcd/wire

Affected configurations

Vulners

Node

github.com\/btcsuite\/gosocksRange<0.23.2

github.com\/lightningnetwork\/lndRange<0.15.2-beta

CPENameOperatorVersion
github.com/btcsuite/btcdlt0.23.2
github.com/lightningnetwork/lndlt0.15.2-beta

CPE	Name	Operator	Version
	github.com/btcsuite/btcd	lt	0.23.2
	github.com/lightningnetwork/lnd	lt	0.15.2-beta

References

github.com/advisories/GHSA-2chg-86hq-7w38

github.com/btcsuite/btcd/commit/7fdaf6958781df46fffee4bc8bee38801c066da8

github.com/btcsuite/btcd/pull/1896

github.com/btcsuite/btcd/releases/tag/v0.23.2

github.com/lightningnetwork/lnd/issues/7002

github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta

nvd.nist.gov/vuln/detail/CVE-2022-44797

pkg.go.dev/vuln/GO-2022-1098

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for GHSA-2CHG-86HQ-7W38