PT-2022-27317 · Btcd+1 · Btcd+1
Rsafier
·
Published
2022-11-07
·
Updated
2022-11-14
·
CVE-2022-44797
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
btcd versions prior to 0.23.2
lnd versions prior to 0.15.2-beta
Description
The issue is related to the mishandling of witness size checking, which can cause denial of service due to erroneous message decoding. Improper checking of maximum witness size during node message decoding prevents nodes from syncing.
Recommendations
For btcd versions prior to 0.23.2, update to version 0.23.2 or later.
For lnd versions prior to 0.15.2-beta, update to version 0.15.2-beta or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Btcd
Lnd