Vulnerability Details CVE-2021-41593
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 7.5
References
- https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
- https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
- https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
- https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
- https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
- https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Products affected by CVE-2021-41593
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:-
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.3
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.4
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.12.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.2
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.13.3
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1
-
cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2