5 matches found
CVE-2024-38365
CVE-2024-38365 affects btcd (versions 0.10 to 0.24). The issue is a mismatch in Bitcoin Core’s FindAndDelete() versus btcd’s removeOpcodeByData() that can cause btcd to validate blocks differently, risking a chain split (accepting an invalid block) or DoS (rejecting a valid block). The root cause...
CVE-2022-44797
CVE-2022-44797 affects btcd before 0.23.2 (used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin products) due to mishandling of witness size checking, enabling high-impact network exploitation. The CVSSv3.1 base score is 9.8 (CRITICAL) with full confidentiality, integrity, and availabi...
CVE-2018-17145
CVE-2018-17145 affects Bitcoin Core 0.16.x prior to 0.16.2 and Bitcoin Knots 0.16.x prior to 0.16.2. The root cause is mishandling of inventory (inv) messages, allowing an attacker to cause remote denial of service by flooding with multiple transaction inv messages using random hashes. Impact des...
CVE-2022-39389
CVE-2022-39389 (lnd) affects Lightning Network Daemon (lnd) prior to v0.15.4. The vulnerability is a block parsing bug that can cause a node to enter a degraded state after processing certain blocks. In this state, a node can still forward HTLCs and make payments but cannot open channels, and on-...
CVE-2024-34478
CVE-2024-34478 affects btcd before 0.24.0, where the software does not correctly implement BIP 68/BIP 112 consensus rules. The core issue is treating the transaction version as a signed integer instead of unsigned, which can cause consensus failures, potentially leading to a chain split and loss ...