CVE-2020-26895

Prior to 0.10.0-beta, LND (Lightning Network Daemon) would accept a counterparty's high-S signature and then broadcast local commitment/HTLC transactions that are invalid under tx-relay rules. This can be exploited by any peer with an open channel, regardless of the victim's situation (e.g., routing node, payment receiver, or payment sender). The impact is a loss of funds in certain situations.
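An added example (not LND's code and not part of the advisory) of the kind of low-S check whose absence the description refers to: a counterparty signature is range-checked and rejected when S exceeds half the secp256k1 group order. `CheckWireSig`, `ToLowS` and `ConstructedHighSig` are hypothetical names, and the 64-byte R || S input encoding is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 group order n, and n/2 (the largest S that low-S policy allows).
var (
	curveN, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
	halfN     = new(big.Int).Rsh(curveN, 1)
	ErrHighS  = errors.New("high-S signature (S > n/2)")
)

// CheckWireSig (hypothetical, not LND's API) rejects a 64-byte R||S signature that is out of range or high-S.
func CheckWireSig(sig []byte) error {
	if len(sig) != 64 {
		return fmt.Errorf("want 64 bytes, got %d", len(sig))
	}
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if r.Sign() == 0 || r.Cmp(curveN) >= 0 || s.Sign() == 0 || s.Cmp(curveN) >= 0 {
		return errors.New("R or S outside [1, n-1]")
	}
	if s.Cmp(halfN) > 0 {
		return ErrHighS
	}
	return nil
}

// ToLowS maps a range-checked signature to low-S; (R, n-S) verifies whenever (R, S) does.
func ToLowS(sig []byte) []byte {
	out := append([]byte{}, sig...)
	if s := new(big.Int).SetBytes(sig[32:]); s.Cmp(halfN) > 0 {
		s.Sub(curveN, s).FillBytes(out[32:])
	}
	return out
}

// ConstructedHighSig is sample input, not a real signature: R = 1, S = 2^255 (> n/2).
func ConstructedHighSig() []byte {
	sig := make([]byte, 64)
	sig[31], sig[32] = 1, 0x80
	return sig
}

func main() {
	fmt.Println(CheckWireSig(ConstructedHighSig()), CheckWireSig(ToLowS(ConstructedHighSig())))
}
```

Running the check at the point a counterparty signature is received, before it is stored for a local commitment or HTLC transaction, keeps a high-S value from surfacing only at broadcast time.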
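| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|----------|------|------------|-------------|-----------------|----------------|--------|
| NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score percentile: 36%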
Vulnerable software versions

Vendor: lightning_network_daemon_project
Product: lightning_network_daemon
Versions:
0.1:alpha, 0.1.1:alpha, 0.2:alpha, 0.2.1:alpha, 0.3:alpha
0.4:beta, 0.4.1:beta, 0.4.2:beta
0.5:beta, 0.5:beta_rc1, 0.5:beta_rc2
0.5.1:beta, 0.5.1:beta_rc1, 0.5.1:beta_rc2, 0.5.1:beta_rc3, 0.5.1:beta_rc4, 0.5.2:beta
0.6:beta, 0.6:beta_rc1, 0.6:beta_rc2, 0.6:beta_rc3, 0.6:beta_rc4
0.6.1:beta, 0.6.1:beta_rc1, 0.6.1:beta_rc2
0.7.0:beta, 0.7.0:beta_rc1, 0.7.0:beta_rc2, 0.7.0:beta_rc3
0.7.1:beta, 0.7.1:beta_rc1, 0.7.1:beta_rc2
0.8.0:beta, 0.8.0:beta_rc1, 0.8.0:beta_rc2, 0.8.0:beta_rc3
0.8.1:beta, 0.8.2:beta, 0.8.2:beta_rc1, 0.8.2:beta_rc2
0.9.0:beta, 0.9.0:beta_rc1, 0.9.0:beta_rc2, 0.9.0:beta_rc3, 0.9.0:beta_rc4
0.9.1:beta, 0.9.1:beta_rc1, 0.9.2:beta
0.10.0:beta_rc1, 0.10.0:beta_rc2, 0.10.0:beta_rc3, 0.10.0:beta_rc4, 0.10.0:beta_rc5, 0.10.0:beta_rc6