CVE-2020-26895

Published Oct 21, 2020
Last updated 4 years ago
CVSS medium 5.3
Overview

Description: Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-354
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C806B233-215F-4084-8593-955A1407FC24"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C8A336E-FB18-4249-8692-78360BF46ECF"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1C6DF0D-51A5-4C97-9A5A-45C728395193"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "029AC422-BD2C-492B-BEFC-51609F2669C4"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B146A72F-0E21-40AC-A822-70D43E927AEB"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78681B98-6A34-4052-9D8A-66C50C4AB689"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9658AB1-6590-4D94-84F3-E4CD291C127C"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "433D9C37-77EE-48CC-B7CE-81F430B05EA5"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76EB9B7B-0978-45B7-9AEE-C24B9D247A00"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93B2A426-190A-4968-A5A0-FF129317E0E1"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2431C53-AB13-4203-80F6-4AB915C8ADBE"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B6F9135-0553-4B11-AC98-AC745DDFF03B"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74CB5F88-DDD2-4FEF-81E5-D9696E06FD21"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D41220F2-D900-48A9-9328-95DE340A7B51"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF01EEA5-E7B8-4F8F-BD23-9D06036A5F40"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9047955C-DF64-4E86-A731-E37F1830DD2F"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E32A8035-28FD-4888-99CC-BEFC7E20AD31"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28A504C-80CF-4E79-8674-AA097A19F9E6"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8B53F63-E9B6-49AB-9418-E16EF23BDE16"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A87FD870-754A-4167-AF21-3986E4A0BAF6"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "054B141D-B389-4FB7-BE0E-D1D487EBE0E0"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "895EB24D-00D4-4B67-AB5B-16101652FCD4"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25AB5F82-9C4D-41AC-9FB0-B76D39E9EF20"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E83B03-6414-41D7-9F2B-1C07E8A18640"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E089FE96-A770-4911-8237-311110C11830"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22E617BA-4449-490E-B0F9-B532AA6EABA1"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16819283-EDE0-4414-BE6F-402F90E28662"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C02718A4-09D0-4850-B06C-C46C70BD6E3C"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63E8A06A-03CE-4E65-B808-737951FDE894"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83203CF6-9E9A-44EA-894C-AF1EA8A2FD72"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E7AEE3-A6B1-4AAC-825E-143318600E43"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FDEE520-4686-4DD2-93AD-176514836526"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A9A39B1-E7FC-47E1-A19C-5CF8B180A377"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "920FAC21-00D8-408B-9371-7F0F17B75D10"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "064AFCE6-B8FE-4213-BEF6-C1749F5D108D"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2757E731-97D4-4F32-8526-9E98A2E309E4"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EEF60FF-01B5-4112-A29A-89ADF6D9398C"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE6C68BC-BF65-4DEF-82A3-D4B7DF0E152E"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DCD2B37-8BA7-4588-9302-2E02D2C82A66"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A85DF0B-DDC2-4D88-8288-AB9BDBFF8C8C"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEA29F2A-41FC-411D-9870-414DED92403A"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAB8D1AF-6FCD-41E5-89E0-BE4AD9935718"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A49E923C-86E0-411E-90F7-84829D773BC3"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A59417E-1206-42A8-B06A-857FE7419835"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C2AE7AD-2056-4411-8E64-DC07B90FDD88"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C55FA144-972F-4614-B344-F733C5DC9ACA"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "422108E5-3C8E-4101-9664-B39564C34DC5"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D853D090-E408-4BE7-A28C-18BFB328AC41"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E91EDB73-AD09-47A2-87F7-AB7CA80CBAF2"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F032C09F-555B-4726-AF31-3E26A337222F"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D0927FD-C0FD-474F-8F4C-A2C41D8BF08E"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "351537F0-84DE-4EB2-AF66-1F547B0ECAC2"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDA39AA1-3C63-4CA3-BD91-A1870FCB53F7"
          },
          {
            "criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4A9F188-EF5C-44E7-9893-B81AA851B203"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
