CVE-2024-38359

Name of the Vulnerable Software and Affected Versions Lightning Network Daemon (lnd) versions prior to 0.17.0

Description A parsing vulnerability in lnd's onion processing logic leads to a denial of service vector due to excessive memory allocation.

Recommendations For versions prior to 0.17.0, update to a version >= 0.17.0 to be protected. As a temporary workaround for users unable to upgrade, consider setting the --rejecthtlc CLI flag and also disable forwarding on channels via the UpdateChanPolicyCommand, or disable listening on a public network interface via the --nolisten flag to mitigate the issue.