CVE-2021-41593 Information

Jun 07, 2022 cve

Description

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Reference

https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

HIGH

Base Score

LOW

Base Severity

8.6

Share on: