4 matches found
CVE-2020-26895
CVE-2020-26895 affects LND versions prior to 0.10.0-beta. The root cause is the handling of a counterparty high-S signature which could lead to the broadcast of invalid local commitment/HTLC transactions. This allows any peer with an open channel—whether routing node, payment-sender, or payment-r...
CVE-2020-26896
The CVE affects LND (Lightning Network Daemon) prior to version 0.11.0-beta, specifically its invoice database. The root cause is that, when claiming an on-chain HTLC output, LND did not verify that the corresponding off-chain HTLC had already been settled before releasing the preimage. In a hash...
CVE-2022-39389
CVE-2022-39389 (lnd) affects Lightning Network Daemon (lnd) prior to v0.15.4. The vulnerability is a block parsing bug that can cause a node to enter a degraded state after processing certain blocks. In this state, a node can still forward HTLCs and make payments but cannot open channels, and on-...
CVE-2021-41593
CVE-2021-41593 affects Lightning Labs lnd prior to 0.13.3-beta. The issue is described as a dust HTLC exposure that can lead to loss of funds. Root cause and impact are noted in multiple connected sources; the affected component is lnd (Lightning Network daemon). Remediation is to upgrade to v0.1...