VYPR

LND

by LND

CVEs (2)

  • CVE-2020-26896HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a…

  • CVE-2020-26895MedOct 21, 2020
    risk 0.35cvss 5.3epss 0.01

    Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing…