CVE-2020-26896
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2020
Last modified:
05/11/2020
Description
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy.
Impact
Base Score 3.x
8.20
Severity 3.x
HIGH
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:*:*:*:*:*:*:*:* | 0.11.0 (excluding) | |
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page