Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-39389
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-17 Nov, 2022 | 22:15
Updated At-22 Nov, 2022 | 16:49

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on chain transaction events will be undetected. This can cause loss of funds if a CSV expiry is researched during a breach attempt or a CLTV delta expires forgetting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users are advised to upgrade. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CPE Matches
btcd_project
btcd_project
>>btcd>>Versions before 0.23.3(exclusive)
cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:*
lightning_network_daemon_project
lightning_network_daemon_project
>>lightning_network_daemon>>Versions before 0.15.4(exclusive)
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarysecurity-advisories@github.com
CWE ID: CWE-20
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/lightningnetwork/lnd/issues/7096security-advisories@github.com
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/lightningnetwork/lnd/pull/7098security-advisories@github.com
Patch
Third Party Advisory
https://github.com/lightningnetwork/lnd/releases/tag/v0.15.4-betasecurity-advisories@github.com
Release Notes
Third Party Advisory
https://github.com/lightningnetwork/lnd/security/advisories/GHSA-hc82-w9v8-83prsecurity-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/lightningnetwork/lnd/issues/7096
Source: security-advisories@github.com
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/lightningnetwork/lnd/pull/7098
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/lightningnetwork/lnd/releases/tag/v0.15.4-beta
Source: security-advisories@github.com
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/lightningnetwork/lnd/security/advisories/GHSA-hc82-w9v8-83pr
Source: security-advisories@github.com
Resource:
Third Party Advisory
Change History
0Changes found
Details not found