26 matches found
EUVD-2021-0992
Malware in sbrugna...
CVE-2022-39389
Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...
GO-2024-2943 Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service in github.com/lightningnetwork/lnd
Lightning Network Daemon LND's onion processing logic leads to a denial of service in github.com/lightningnetwork/lnd...
CVE-2024-38359 Lightning Network Daemon Onion Bomb
The Lightning Network Daemon (lnd) is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version v0.17.0 to be...
CVE-2024-38359
The CVE-2024-38359 vulnerability affects the Lightning Network Daemon (lnd) in its onion processing logic, causing a Denial-of-Service due to excessive memory allocation. It has been patched in lnd v0.17.0; upgrading to a version greater than 0.17.0 mitigates the issue. As a partial mitigation, u...
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact: A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches: The issue was patched in lnd v0.17.0. Users should update to a version = v0.17.0 to be protected. References: Detailed blog post:...
Lightning Network Daemon Security Vulnerability
Lightning Network Daemon LND is a software for a complete implementation of Lightning Network nodes by the Lightningnetwork team. The software belongs to a node of the Lightning Payment Network and implements the regulations specified in the Lightning Network Specification Compliance protocol,...
PT-2024-27958 · Lnd · Lnd
Name of the Vulnerable Software and Affected Versions: Lightning Network Daemon lnd versions prior to 0.17.0 Description: A parsing vulnerability in lnd's onion processing logic leads to a denial of service vector due to excessive memory allocation. Recommendations: For versions prior to 0.17.0,...
Lightning Network Daemon Input Validation Error Vulnerability
Lightning Network Daemon LND is a software for a complete implementation of Lightning Network nodes by the Lightningnetwork team. The software belongs to a node of the Lightning Payment Network and implements the regulations specified in the Lightning Network Specification Compliance protocol,...
CVE-2022-39389
CVE-2022-39389 (lnd) affects Lightning Network Daemon (lnd) prior to v0.15.4. The vulnerability is a block parsing bug that can cause a node to enter a degraded state after processing certain blocks. In this state, a node can still forward HTLCs and make payments but cannot open channels, and on-...
CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd
Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...
PT-2022-27317 · Btcd +1 · Btcd +1
Name of the Vulnerable Software and Affected Versions: btcd versions prior to 0.23.2 lnd versions prior to 0.15.2-beta Description: The issue is related to the mishandling of witness size checking, which can cause denial of service due to erroneous message decoding. Improper checking of maximum...
CVE-2020-26895
Prior to 0.10.0-beta, LND Lightning Network Daemon would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation e.g., routing node, payment-receiver,...
Design/Logic Flaw
Prior to 0.11.0-beta, LND Lightning Network Daemon had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount...
Open redirect
Prior to 0.10.0-beta, LND Lightning Network Daemon would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation e.g., routing node, payment-receiver,...
CVE-2020-26896
The CVE affects LND (Lightning Network Daemon) prior to version 0.11.0-beta, specifically its invoice database. The root cause is that, when claiming an on-chain HTLC output, LND did not verify that the corresponding off-chain HTLC had already been settled before releasing the preimage. In a hash...
CVE-2020-26895
CVE-2020-26895 affects LND versions prior to 0.10.0-beta. The root cause is the handling of a counterparty high-S signature which could lead to the broadcast of invalid local commitment/HTLC transactions. This allows any peer with an open channel—whether routing node, payment-sender, or payment-r...