fkie_cve-2020-26895
Vulnerability from fkie_nvd
Published
2020-10-21 02:15
Modified
2024-11-21 05:20
Severity ?
Summary
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4 | Third Party Advisory | |
| cve@mitre.org | https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "C806B233-215F-4084-8593-955A1407FC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "8C8A336E-FB18-4249-8692-78360BF46ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F1C6DF0D-51A5-4C97-9A5A-45C728395193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "029AC422-BD2C-492B-BEFC-51609F2669C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "B146A72F-0E21-40AC-A822-70D43E927AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "78681B98-6A34-4052-9D8A-66C50C4AB689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "E9658AB1-6590-4D94-84F3-E4CD291C127C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "433D9C37-77EE-48CC-B7CE-81F430B05EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "76EB9B7B-0978-45B7-9AEE-C24B9D247A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "93B2A426-190A-4968-A5A0-FF129317E0E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "D2431C53-AB13-4203-80F6-4AB915C8ADBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "2B6F9135-0553-4B11-AC98-AC745DDFF03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "74CB5F88-DDD2-4FEF-81E5-D9696E06FD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "D41220F2-D900-48A9-9328-95DE340A7B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EF01EEA5-E7B8-4F8F-BD23-9D06036A5F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc4:*:*:*:*:*:*",
"matchCriteriaId": "9047955C-DF64-4E86-A731-E37F1830DD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "E32A8035-28FD-4888-99CC-BEFC7E20AD31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "A28A504C-80CF-4E79-8674-AA097A19F9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A8B53F63-E9B6-49AB-9418-E16EF23BDE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "A87FD870-754A-4167-AF21-3986E4A0BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc3:*:*:*:*:*:*",
"matchCriteriaId": "054B141D-B389-4FB7-BE0E-D1D487EBE0E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc4:*:*:*:*:*:*",
"matchCriteriaId": "895EB24D-00D4-4B67-AB5B-16101652FCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "25AB5F82-9C4D-41AC-9FB0-B76D39E9EF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0E83B03-6414-41D7-9F2B-1C07E8A18640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E089FE96-A770-4911-8237-311110C11830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "22E617BA-4449-490E-B0F9-B532AA6EABA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "16819283-EDE0-4414-BE6F-402F90E28662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "C02718A4-09D0-4850-B06C-C46C70BD6E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc3:*:*:*:*:*:*",
"matchCriteriaId": "63E8A06A-03CE-4E65-B808-737951FDE894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "83203CF6-9E9A-44EA-894C-AF1EA8A2FD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "E2E7AEE3-A6B1-4AAC-825E-143318600E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "8FDEE520-4686-4DD2-93AD-176514836526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "0A9A39B1-E7FC-47E1-A19C-5CF8B180A377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "920FAC21-00D8-408B-9371-7F0F17B75D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "064AFCE6-B8FE-4213-BEF6-C1749F5D108D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc3:*:*:*:*:*:*",
"matchCriteriaId": "2757E731-97D4-4F32-8526-9E98A2E309E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "9EEF60FF-01B5-4112-A29A-89ADF6D9398C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE6C68BC-BF65-4DEF-82A3-D4B7DF0E152E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DCD2B37-8BA7-4588-9302-2E02D2C82A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "7A85DF0B-DDC2-4D88-8288-AB9BDBFF8C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "BEA29F2A-41FC-411D-9870-414DED92403A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAB8D1AF-6FCD-41E5-89E0-BE4AD9935718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "A49E923C-86E0-411E-90F7-84829D773BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc3:*:*:*:*:*:*",
"matchCriteriaId": "2A59417E-1206-42A8-B06A-857FE7419835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc4:*:*:*:*:*:*",
"matchCriteriaId": "2C2AE7AD-2056-4411-8E64-DC07B90FDD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "C55FA144-972F-4614-B344-F733C5DC9ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "422108E5-3C8E-4101-9664-B39564C34DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "D853D090-E408-4BE7-A28C-18BFB328AC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc1:*:*:*:*:*:*",
"matchCriteriaId": "E91EDB73-AD09-47A2-87F7-AB7CA80CBAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc2:*:*:*:*:*:*",
"matchCriteriaId": "F032C09F-555B-4726-AF31-3E26A337222F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc3:*:*:*:*:*:*",
"matchCriteriaId": "6D0927FD-C0FD-474F-8F4C-A2C41D8BF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc4:*:*:*:*:*:*",
"matchCriteriaId": "351537F0-84DE-4EB2-AF66-1F547B0ECAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc5:*:*:*:*:*:*",
"matchCriteriaId": "DDA39AA1-3C63-4CA3-BD91-A1870FCB53F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc6:*:*:*:*:*:*",
"matchCriteriaId": "A4A9F188-EF5C-44E7-9893-B81AA851B203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n 0.10.0-beta, el LND (Lightning Network Daemon) habr\u00eda aceptado una firma de contrapartida de alta-S y transmitido transacciones de compromiso local/HTLC inv\u00e1lidas de retransmisi\u00f3n tx. Esto puede ser explotado por cualquier par con un canal abierto, independientemente de la situaci\u00f3n de la v\u00edctima (por ejemplo, nodo de enrutamiento, pagador-receptor o pagador-emisor). El impacto es una p\u00e9rdida de fondos en ciertas situaciones"
}
],
"id": "CVE-2020-26895",
"lastModified": "2024-11-21T05:20:26.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T02:15:12.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…