Go modules package
github.com/lightningnetwork/lnd
pkg:golang/github.com/lightningnetwork/lnd
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38359 | Med | 6.5 | < 0.17.0-beta | 0.17.0-beta | Jun 20, 2024 | The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a vers | |
| CVE-2022-39389 | — | < 0.15.4-beta | 0.15.4-beta | Nov 17, 2022 | Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can contin | ||
| CVE-2022-44797 | — | < 0.15.2-beta | 0.15.2-beta | Nov 7, 2022 | btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. | ||
| CVE-2019-12999 | — | < 0.7.1-beta | 0.7.1-beta | Jan 31, 2020 | Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control. |
- affected < 0.17.0-betafixed 0.17.0-beta
The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a vers
- CVE-2022-39389Nov 17, 2022affected < 0.15.4-betafixed 0.15.4-beta
Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can contin
- CVE-2022-44797Nov 7, 2022affected < 0.15.2-betafixed 0.15.2-beta
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
- CVE-2019-12999Jan 31, 2020affected < 0.7.1-betafixed 0.7.1-beta
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.