CVE-2021-41593

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 8.6

CVSS2: 7.5

EPSS Низкий

Описание

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.

Ссылки

https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
Press/Media Coverage
Third Party Advisory
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
Release Notes
Third Party Advisory
https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
Third Party Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
Mailing List
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
Mailing List
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Exploit
Mailing List
Vendor Advisory
https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
Press/Media Coverage
Third Party Advisory
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
Release Notes
Third Party Advisory
https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
Third Party Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
Mailing List
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
Mailing List
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Exploit
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:*:*:*:*:*:*:*:*

Версия до 0.11.0 (исключая)

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:-:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc1:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc2:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc3:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc4:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1:beta_rc1:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1:beta_rc2:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1:beta_rc3:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1:beta_rc4:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1:beta_rc5:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta_rc1:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta_rc2:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta_rc3:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta_rc4:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta_rc5:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0:beta_rc6:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta_rc1:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta_rc2:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta_rc3:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta_rc4:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta_rc5:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1:beta_rc6:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0:beta_rc1:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0:beta_rc2:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0:beta_rc3:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0:beta_rc4:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0:beta_rc5:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.1:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.1:beta_rc1:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.1:beta_rc2:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.2:beta:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.3:beta_rc2:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00719

Низкий

8.6 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-gjfm-mwrf-wg3p