{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-21T02:00:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2020-26895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4", "refsource": "MISC", "url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"}, {"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html", "refsource": "MISC", "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"}, {"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html", "refsource": "MISC", "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:22.816Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26895", "datePublished": "2020-10-21T02:00:23", "dateReserved": "2020-10-09T00:00:00", "dateUpdated": "2024-08-04T16:03:22.816Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "C806B233-215F-4084-8593-955A1407FC24", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "8C8A336E-FB18-4249-8692-78360BF46ECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "F1C6DF0D-51A5-4C97-9A5A-45C728395193", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "029AC422-BD2C-492B-BEFC-51609F2669C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "B146A72F-0E21-40AC-A822-70D43E927AEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4:beta:*:*:*:*:*:*", "matchCriteriaId": "78681B98-6A34-4052-9D8A-66C50C4AB689", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1:beta:*:*:*:*:*:*", "matchCriteriaId": "E9658AB1-6590-4D94-84F3-E4CD291C127C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2:beta:*:*:*:*:*:*", "matchCriteriaId": "433D9C37-77EE-48CC-B7CE-81F430B05EA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta:*:*:*:*:*:*", "matchCriteriaId": "76EB9B7B-0978-45B7-9AEE-C24B9D247A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "93B2A426-190A-4968-A5A0-FF129317E0E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "D2431C53-AB13-4203-80F6-4AB915C8ADBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "2B6F9135-0553-4B11-AC98-AC745DDFF03B", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "74CB5F88-DDD2-4FEF-81E5-D9696E06FD21", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "D41220F2-D900-48A9-9328-95DE340A7B51", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc3:*:*:*:*:*:*", "matchCriteriaId": "EF01EEA5-E7B8-4F8F-BD23-9D06036A5F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc4:*:*:*:*:*:*", "matchCriteriaId": "9047955C-DF64-4E86-A731-E37F1830DD2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "E32A8035-28FD-4888-99CC-BEFC7E20AD31", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta:*:*:*:*:*:*", "matchCriteriaId": "A28A504C-80CF-4E79-8674-AA097A19F9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "A8B53F63-E9B6-49AB-9418-E16EF23BDE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "A87FD870-754A-4167-AF21-3986E4A0BAF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc3:*:*:*:*:*:*", "matchCriteriaId": "054B141D-B389-4FB7-BE0E-D1D487EBE0E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc4:*:*:*:*:*:*", "matchCriteriaId": "895EB24D-00D4-4B67-AB5B-16101652FCD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta:*:*:*:*:*:*", "matchCriteriaId": "25AB5F82-9C4D-41AC-9FB0-B76D39E9EF20", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "E0E83B03-6414-41D7-9F2B-1C07E8A18640", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "E089FE96-A770-4911-8237-311110C11830", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "22E617BA-4449-490E-B0F9-B532AA6EABA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "16819283-EDE0-4414-BE6F-402F90E28662", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "C02718A4-09D0-4850-B06C-C46C70BD6E3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc3:*:*:*:*:*:*", "matchCriteriaId": "63E8A06A-03CE-4E65-B808-737951FDE894", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta:*:*:*:*:*:*", "matchCriteriaId": "83203CF6-9E9A-44EA-894C-AF1EA8A2FD72", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "E2E7AEE3-A6B1-4AAC-825E-143318600E43", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "8FDEE520-4686-4DD2-93AD-176514836526", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta:*:*:*:*:*:*", "matchCriteriaId": "0A9A39B1-E7FC-47E1-A19C-5CF8B180A377", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "920FAC21-00D8-408B-9371-7F0F17B75D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "064AFCE6-B8FE-4213-BEF6-C1749F5D108D", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc3:*:*:*:*:*:*", "matchCriteriaId": "2757E731-97D4-4F32-8526-9E98A2E309E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1:beta:*:*:*:*:*:*", "matchCriteriaId": "9EEF60FF-01B5-4112-A29A-89ADF6D9398C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta:*:*:*:*:*:*", "matchCriteriaId": "FE6C68BC-BF65-4DEF-82A3-D4B7DF0E152E", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "9DCD2B37-8BA7-4588-9302-2E02D2C82A66", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "7A85DF0B-DDC2-4D88-8288-AB9BDBFF8C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta:*:*:*:*:*:*", "matchCriteriaId": "BEA29F2A-41FC-411D-9870-414DED92403A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "BAB8D1AF-6FCD-41E5-89E0-BE4AD9935718", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "A49E923C-86E0-411E-90F7-84829D773BC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc3:*:*:*:*:*:*", "matchCriteriaId": "2A59417E-1206-42A8-B06A-857FE7419835", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc4:*:*:*:*:*:*", "matchCriteriaId": "2C2AE7AD-2056-4411-8E64-DC07B90FDD88", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta:*:*:*:*:*:*", "matchCriteriaId": "C55FA144-972F-4614-B344-F733C5DC9ACA", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "422108E5-3C8E-4101-9664-B39564C34DC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2:beta:*:*:*:*:*:*", "matchCriteriaId": "D853D090-E408-4BE7-A28C-18BFB328AC41", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc1:*:*:*:*:*:*", "matchCriteriaId": "E91EDB73-AD09-47A2-87F7-AB7CA80CBAF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc2:*:*:*:*:*:*", "matchCriteriaId": "F032C09F-555B-4726-AF31-3E26A337222F", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc3:*:*:*:*:*:*", "matchCriteriaId": "6D0927FD-C0FD-474F-8F4C-A2C41D8BF08E", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc4:*:*:*:*:*:*", "matchCriteriaId": "351537F0-84DE-4EB2-AF66-1F547B0ECAC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc5:*:*:*:*:*:*", "matchCriteriaId": "DDA39AA1-3C63-4CA3-BD91-A1870FCB53F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc6:*:*:*:*:*:*", "matchCriteriaId": "A4A9F188-EF5C-44E7-9893-B81AA851B203", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations."}, {"lang": "es", "value": "Antes de la versi\u00f3n 0.10.0-beta, el LND (Lightning Network Daemon) habr\u00eda aceptado una firma de contrapartida de alta-S y transmitido transacciones de compromiso local/HTLC inv\u00e1lidas de retransmisi\u00f3n tx. Esto puede ser explotado por cualquier par con un canal abierto, independientemente de la situaci\u00f3n de la v\u00edctima (por ejemplo, nodo de enrutamiento, pagador-receptor o pagador-emisor). El impacto es una p\u00e9rdida de fondos en ciertas situaciones"}], "id": "CVE-2020-26895", "lastModified": "2024-11-21T05:20:26.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2020-10-21T02:15:12.660", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "[email protected]", "type": "Primary"}]}

{}