CVE-2020-26895

MEDIUM EPSS 48.4%
Published Oct 21, 2020 (5y ago) · Modified Jun 17, 2026 (2w ago)
5.3 CVSS 3.1
Medium

Description

Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
48.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-354

Affected Products 54

VendorProductVersionRange
lightning_network_daemon_projectlightning_network_daemon0.1any
lightning_network_daemon_projectlightning_network_daemon0.1.1any
lightning_network_daemon_projectlightning_network_daemon0.2any
lightning_network_daemon_projectlightning_network_daemon0.2.1any
lightning_network_daemon_projectlightning_network_daemon0.3any
lightning_network_daemon_projectlightning_network_daemon0.4any
lightning_network_daemon_projectlightning_network_daemon0.4.1any
lightning_network_daemon_projectlightning_network_daemon0.4.2any
lightning_network_daemon_projectlightning_network_daemon0.5any
lightning_network_daemon_projectlightning_network_daemon0.5any
lightning_network_daemon_projectlightning_network_daemon0.5any
lightning_network_daemon_projectlightning_network_daemon0.5.1any
lightning_network_daemon_projectlightning_network_daemon0.5.1any
lightning_network_daemon_projectlightning_network_daemon0.5.1any
lightning_network_daemon_projectlightning_network_daemon0.5.1any
lightning_network_daemon_projectlightning_network_daemon0.5.1any
lightning_network_daemon_projectlightning_network_daemon0.5.2any
lightning_network_daemon_projectlightning_network_daemon0.6any
lightning_network_daemon_projectlightning_network_daemon0.6any
lightning_network_daemon_projectlightning_network_daemon0.6any
lightning_network_daemon_projectlightning_network_daemon0.6any
lightning_network_daemon_projectlightning_network_daemon0.6any
lightning_network_daemon_projectlightning_network_daemon0.6.1any
lightning_network_daemon_projectlightning_network_daemon0.6.1any
lightning_network_daemon_projectlightning_network_daemon0.6.1any
lightning_network_daemon_projectlightning_network_daemon0.7.0any
lightning_network_daemon_projectlightning_network_daemon0.7.0any
lightning_network_daemon_projectlightning_network_daemon0.7.0any
lightning_network_daemon_projectlightning_network_daemon0.7.0any
lightning_network_daemon_projectlightning_network_daemon0.7.1any
lightning_network_daemon_projectlightning_network_daemon0.7.1any
lightning_network_daemon_projectlightning_network_daemon0.7.1any
lightning_network_daemon_projectlightning_network_daemon0.8.0any
lightning_network_daemon_projectlightning_network_daemon0.8.0any
lightning_network_daemon_projectlightning_network_daemon0.8.0any
lightning_network_daemon_projectlightning_network_daemon0.8.0any
lightning_network_daemon_projectlightning_network_daemon0.8.1any
lightning_network_daemon_projectlightning_network_daemon0.8.2any
lightning_network_daemon_projectlightning_network_daemon0.8.2any
lightning_network_daemon_projectlightning_network_daemon0.8.2any
lightning_network_daemon_projectlightning_network_daemon0.9.0any
lightning_network_daemon_projectlightning_network_daemon0.9.0any
lightning_network_daemon_projectlightning_network_daemon0.9.0any
lightning_network_daemon_projectlightning_network_daemon0.9.0any
lightning_network_daemon_projectlightning_network_daemon0.9.0any
lightning_network_daemon_projectlightning_network_daemon0.9.1any
lightning_network_daemon_projectlightning_network_daemon0.9.1any
lightning_network_daemon_projectlightning_network_daemon0.9.2any
lightning_network_daemon_projectlightning_network_daemon0.10.0any
lightning_network_daemon_projectlightning_network_daemon0.10.0any
lightning_network_daemon_projectlightning_network_daemon0.10.0any
lightning_network_daemon_projectlightning_network_daemon0.10.0any
lightning_network_daemon_projectlightning_network_daemon0.10.0any
lightning_network_daemon_projectlightning_network_daemon0.10.0any

References 3

  • gist.github.com https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4
    Third Party Advisory
  • lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html
    Mailing List, Third Party Advisory
  • lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html
    Mailing List, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.