CVE-2021-41593
HIGH
Published Oct 4, 20214y ago · Modified Jun 17, 20262w ago
8.6 CVSS 3.1
Published Oct 4, 2021 4y ago
Last Modified Jun 17, 2026 2w ago
Description
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity High
Availability Low
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-770
Affected Products 38
| Vendor | Product | Version | Range |
|---|---|---|---|
| lightning_network_daemon_project | lightning_network_daemon | * | <0.11.0 |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.11.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.12.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.0 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.1 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.2 | any |
| lightning_network_daemon_project | lightning_network_daemon | 0.13.3 | any |
References 6
- bitcoinmagazine.com https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
- github.com https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
- github.com https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
- lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
- lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
- lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.