CVE-2021-41593
HIGHLightning Labs lnd < 0.13.3-beta - Loss of Funds via Dust HTLC Exposure
Title source: llmDescription
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
References (6)
Core 6
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
Mailing List, Vendor Advisory x_refsource_misc
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
Third Party Advisory x_refsource_misc
https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
Exploit, Mailing List, Vendor Advisory x_refsource_misc
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Scores
CVSS v3
8.6
EPSS
0.0187
EPSS Percentile
76.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Details
CWE
CWE-770
Status
published
Products (9)
lightning_network_daemon_project/lightning_network_daemon
0.11.0 (6 CPE variants)
lightning_network_daemon_project/lightning_network_daemon
0.11.1 beta (6 CPE variants)
lightning_network_daemon_project/lightning_network_daemon
0.12.0 beta (7 CPE variants)
lightning_network_daemon_project/lightning_network_daemon
0.12.1 beta (7 CPE variants)
lightning_network_daemon_project/lightning_network_daemon
0.13.0 beta (6 CPE variants)
lightning_network_daemon_project/lightning_network_daemon
0.13.1 beta (3 CPE variants)
lightning_network_daemon_project/lightning_network_daemon
0.13.2 beta
lightning_network_daemon_project/lightning_network_daemon
0.13.3 beta_rc2
lightning_network_daemon_project/lightning_network_daemon
< 0.11.0
Published
Oct 04, 2021
Tracked Since
Feb 18, 2026