CVE-2022-44797
CRITICALbtcd < 0.23.2 - Denial of Service via Witness Size Check Mishandling
Title source: llmDescription
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
References (4)
Core 4
Core References
Patch, Third Party Advisory
https://github.com/btcsuite/btcd/pull/1896
Release Notes, Third Party Advisory
https://github.com/btcsuite/btcd/releases/tag/v0.23.2
Exploit, Issue Tracking, Third Party Advisory
https://github.com/lightningnetwork/lnd/issues/7002
Release Notes, Third Party Advisory
https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta
Scores
CVSS v3
9.8
EPSS
0.0120
EPSS Percentile
64.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
Status
published
Products (3)
btcd_project/btcd
< 0.23.2
btcsuite/btcd
0 - 0.23.2Go
lightningnetwork/lnd
0 - 0.15.2-betaGo
Published
Nov 07, 2022
Tracked Since
Feb 18, 2026