Denial Of Service (DoS)

2022-11-0807:48:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

block validation

0.002 Low

EPSS

Percentile

58.6%

JSON

github.com/btcsuite/btcd and github.com/lightningnetwork/lnd are vulnerable to denial of service. The vulnerability exists due to improper validation of blocks in msgtx.go which allows to an attacker to crash the node on block validation.

CPENameOperatorVersion
github.com/btcsuite/btcdlebtcec/v2.2.1
github.com/btcsuite/btcdlev0.22.1
github.com/btcsuite/btcdlebtcutil/psbt/v1.1.5
github.com/btcsuite/btcdlechaincfg/chainhash/v1.0.1
github.com/btcsuite/btcdlev0.23.1
github.com/btcsuite/btcdlebtcutil/v1.1.2
github.com/lightningnetwork/lndlev0.15.1-beta
github.com/lightningnetwork/lndlecert/v1.1.1
github.com/lightningnetwork/lndlekvdb/v1.3.1
github.com/lightningnetwork/lndleticker/v1.1.0

Name	Operator	Version
github.com/btcsuite/btcd	le	btcec/v2.2.1
github.com/btcsuite/btcd	le	v0.22.1
github.com/btcsuite/btcd	le	btcutil/psbt/v1.1.5
github.com/btcsuite/btcd	le	chaincfg/chainhash/v1.0.1
github.com/btcsuite/btcd	le	v0.23.1
github.com/btcsuite/btcd	le	btcutil/v1.1.2
github.com/lightningnetwork/lnd	le	v0.15.1-beta
github.com/lightningnetwork/lnd	le	cert/v1.1.1
github.com/lightningnetwork/lnd	le	kvdb/v1.3.1
github.com/lightningnetwork/lnd	le	ticker/v1.1.0