CVE-2022-44797
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/11/2022
Last modified:
01/05/2025
Description
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:* | 0.23.2 (excluding) | |
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:*:*:*:*:*:*:*:* | 0.15.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/btcsuite/btcd/pull/1896
- https://github.com/btcsuite/btcd/releases/tag/v0.23.2
- https://github.com/lightningnetwork/lnd/issues/7002
- https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta
- https://github.com/btcsuite/btcd/pull/1896
- https://github.com/btcsuite/btcd/releases/tag/v0.23.2
- https://github.com/lightningnetwork/lnd/issues/7002
- https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta