Description

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation.

INFO

Published Date :

2024-06-20T22:16:00.428Z

Last Modified :

2024-08-02T04:04:25.238Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38359 vulnerability.

Vendors Products
Lightning Network Daemon Project
  • Lightning Network Daemon
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38359.

URL Resource
https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979 cve-icon cve-icon
https://github.com/lightningnetwork/lnd/releases/tag/v0.17.0-beta cve-icon cve-icon
https://github.com/lightningnetwork/lnd/security/advisories/GHSA-9gxx-58q6-42p7 cve-icon cve-icon
https://lightning.network cve-icon cve-icon
https://morehouse.github.io/lightning/lnd-onion-bomb cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact