CVE-2020-26895

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26895
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26895.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-26895
Published
2020-10-21T02:15:12Z
Modified
2024-09-03T03:54:16.154080Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.

References

Affected packages

Git / github.com/lightningnetwork/lnd

Affected ranges

Type
GIT
Repo
https://github.com/lightningnetwork/lnd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected

Affected versions

v0.*

v0.1-alpha
v0.1.1-alpha
v0.2-alpha
v0.2.1-alpha