Lightning Network Daemon Security Vulnerabilities
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver...
5.3CVSS
5AI Score
0.001EPSS
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount colli...
8.2CVSS
8AI Score
0.001EPSS
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
8.6CVSS
8.5AI Score
0.002EPSS
Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...
8.2CVSS
6.4AI Score
0.001EPSS
The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to ...
6.5CVSS
6.5AI Score
0.0004EPSS