exploitDog

CVE-2021-41592

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 9.4

CVSS2: 7.5

EPSS Низкий

Описание

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.

Ссылки

https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
Press/Media Coverage
Third Party Advisory
https://github.com/ElementsProject/lightning
Third Party Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
Mailing List
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
Mailing List
Mitigation
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Mailing List
Vendor Advisory
https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
Press/Media Coverage
Third Party Advisory
https://github.com/ElementsProject/lightning
Third Party Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
Mailing List
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
Mailing List
Mitigation
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elementsproject:c-lightning:*:*:*:*:*:*:*:*

Версия до 0.10.1 (включая)

EPSS

Процентиль: 74%

0.00831

Низкий

9.4 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-rqmp-32v6-q5qj

CVSS3: 9.4

github

больше 3 лет назад

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.

EPSS

Процентиль: 74%

0.00831

Низкий

9.4 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-770