VYPR
Medium severity6.5OSV Advisory· Published Jun 20, 2024· Updated Jun 17, 2026

CVE-2024-38359

CVE-2024-38359

Description

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the --rejecthtlc CLI flag and also disable forwarding on channels via the UpdateChanPolicyCommand, or disable listening on a public network interface via the --nolisten flag as a mitigation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/lightningnetwork/lndGo
< 0.17.0-beta0.17.0-beta

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.