Lucene search

Veracode Vulnerability DatabaseVERACODE:47692

HistoryJun 21, 2024 - 9:14 a.m.

Improper Input Validation

2024-06-2109:14:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

memory allocation

parsing process

denial-of-service

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON

github.com/lightningnetwork/lnd is vulnerable to Improper Input Validation. The vulnerability is due to excessive memory allocation during the parsing process, which creates a Denial-Of-Service (DoS) vector.

References

delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979

github.com/advisories/GHSA-9gxx-58q6-42p7

github.com/lightningnetwork/lnd/releases/tag/v0.17.0-beta

github.com/lightningnetwork/lnd/security/advisories/GHSA-9gxx-58q6-42p7

lightning.network

morehouse.github.io/lightning/lnd-onion-bomb

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON

Related for VERACODE:47692