CVE-2021-41592
CRITICALc-lightning < 0.10.1 - Allocation of Resources Without Limits or Throttling
Title source: llmDescription
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
References (5)
Core 5
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
Third Party Advisory x_refsource_misc
https://github.com/ElementsProject/lightning
Mailing List, Mitigation, Vendor Advisory x_refsource_misc
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
Mailing List, Vendor Advisory x_refsource_misc
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Scores
CVSS v3
9.4
EPSS
0.0150
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
CWE
CWE-770
Status
published
Products (1)
elementsproject/c-lightning
< 0.10.1
Published
Oct 04, 2021
Tracked Since
Feb 18, 2026