Vulnerability Details CVE-2020-26896
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. When claiming a received HTLC output on-chain, it did not verify that the corresponding outgoing off-chain HTLC had already been settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was released instead. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations and a weakening of the victim's receiver privacy.
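The following Go program is an added illustration of the missing check described above, written for this page; it is a deliberately simplified model and not lnd's code. It assumes a hypothetical Node with an invoice map and a forwarded-HTLC map keyed by payment hash, and constructed sample values. vulnerableResolve consults the invoice database whenever the hash and amount match, so a relayed HTLC whose outgoing leg never settled still yields the invoice preimage; hardenedResolve releases a preimage for a forwarded HTLC only from its settled outgoing leg and additionally verifies that the preimage hashes to the claimed payment hash.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical model of the preimage-release decision made when an incoming
// HTLC is claimed on-chain. Constructed for illustration, not lnd's code.

type Hash [32]byte
type Preimage [32]byte

// Hash returns the SHA-256 payment hash of a preimage.
func (p Preimage) Hash() Hash { return sha256.Sum256(p[:]) }

// Invoice is a payment this node expects to receive itself.
type Invoice struct {
	Preimage   Preimage
	AmountMsat uint64
}

// OutgoingHTLC is the downstream leg of a payment this node forwarded.
type OutgoingHTLC struct {
	Settled  bool
	Preimage Preimage // meaningful only when Settled is true
}

// IncomingHTLC is an HTLC received from a peer that is now being claimed on-chain.
type IncomingHTLC struct {
	Hash       Hash
	AmountMsat uint64
	Forwarded  bool // true if this node relayed it rather than accepting it for an invoice
}

// Node holds the two databases the resolution logic consults (hypothetical layout).
type Node struct {
	Invoices map[Hash]Invoice
	Forwards map[Hash]OutgoingHTLC
}

var ErrNoPreimage = errors.New("preimage not known; do not claim on-chain")

// vulnerableResolve mirrors the flaw: any invoice with a matching hash and amount
// supplies the preimage, even for a relayed HTLC whose outgoing leg is unsettled.
func (n *Node) vulnerableResolve(h IncomingHTLC) (Preimage, error) {
	if inv, ok := n.Invoices[h.Hash]; ok && inv.AmountMsat == h.AmountMsat {
		return inv.Preimage, nil
	}
	if out, ok := n.Forwards[h.Hash]; ok && out.Settled {
		return out.Preimage, nil
	}
	return Preimage{}, ErrNoPreimage
}

// hardenedResolve releases a preimage for a forwarded HTLC only once the outgoing
// leg has settled, and never from the invoice database; it also verifies that the
// preimage actually commits to the claimed hash before it is revealed on-chain.
func (n *Node) hardenedResolve(h IncomingHTLC) (Preimage, error) {
	if h.Forwarded {
		out, ok := n.Forwards[h.Hash]
		if !ok || !out.Settled || out.Preimage.Hash() != h.Hash {
			return Preimage{}, ErrNoPreimage
		}
		return out.Preimage, nil
	}
	inv, ok := n.Invoices[h.Hash]
	if !ok || inv.AmountMsat != h.AmountMsat || inv.Preimage.Hash() != h.Hash {
		return Preimage{}, ErrNoPreimage
	}
	return inv.Preimage, nil
}

// constructedNode builds a victim node with one invoice and one colluding relayed
// HTLC that reuses the invoice's hash and amount (constructed sample values).
func constructedNode() (*Node, Hash, uint64) {
	var pre Preimage
	copy(pre[:], []byte("constructed-invoice-preimage-123"))
	h := pre.Hash()
	const amt uint64 = 100_000
	n := &Node{
		Invoices: map[Hash]Invoice{h: {Preimage: pre, AmountMsat: amt}},
		Forwards: map[Hash]OutgoingHTLC{h: {Settled: false}},
	}
	return n, h, amt
}

// collisionScenario reports whether each resolver leaks the invoice preimage
// when the relayed HTLC goes to chain with its outgoing leg still unsettled.
func collisionScenario() (vulnerableLeaks, hardenedLeaks bool) {
	n, h, amt := constructedNode()
	relayed := IncomingHTLC{Hash: h, AmountMsat: amt, Forwarded: true}
	_, errV := n.vulnerableResolve(relayed)
	_, errH := n.hardenedResolve(relayed)
	return errV == nil, errH == nil
}

// legitimateClaim confirms the hardened path still claims an HTLC that was
// genuinely accepted for the node's own invoice.
func legitimateClaim() bool {
	n, h, amt := constructedNode()
	_, err := n.hardenedResolve(IncomingHTLC{Hash: h, AmountMsat: amt, Forwarded: false})
	return err == nil
}

func main() {
	v, hd := collisionScenario()
	fmt.Printf("vulnerable leaks preimage: %v, hardened leaks preimage: %v\n", v, hd)
	fmt.Printf("hardened still claims own invoice: %v\n", legitimateClaim())
}
```

The model keys forwards by payment hash alone so that the collision is visible; the point is that on-chain resolution must be driven by the HTLC's own forwarding state, not by a lookup that treats any matching invoice as proof the payment was ours.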
Exploit prediction scoring system (EPSS) score
EPSS Score: 0.002
EPSS Ranking: 42.1%
CVSS Severity
CVSS v3 Score: 8.2
CVSS v2 Score: 5.8
Products affected by CVE-2020-26896
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:-
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.3
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.4
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.0
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1
- cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2