CVE-2021-41593

HIGH
Published Oct 4, 20214y ago · Modified Jun 17, 20262w ago
8.6 CVSS 3.1
High
Find Similar
Published Oct 4, 2021 4y ago
Last Modified Jun 17, 2026 2w ago

Description

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.

CVSS Details

Base Score
8.6
Exploitability
3.9
Impact
4.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity High
Availability Low

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-770

Affected Products 38

VendorProductVersionRange
lightning_network_daemon_projectlightning_network_daemon* <0.11.0
lightning_network_daemon_projectlightning_network_daemon0.11.0any
lightning_network_daemon_projectlightning_network_daemon0.11.0any
lightning_network_daemon_projectlightning_network_daemon0.11.0any
lightning_network_daemon_projectlightning_network_daemon0.11.0any
lightning_network_daemon_projectlightning_network_daemon0.11.0any
lightning_network_daemon_projectlightning_network_daemon0.11.0any
lightning_network_daemon_projectlightning_network_daemon0.11.1any
lightning_network_daemon_projectlightning_network_daemon0.11.1any
lightning_network_daemon_projectlightning_network_daemon0.11.1any
lightning_network_daemon_projectlightning_network_daemon0.11.1any
lightning_network_daemon_projectlightning_network_daemon0.11.1any
lightning_network_daemon_projectlightning_network_daemon0.11.1any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.0any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.12.1any
lightning_network_daemon_projectlightning_network_daemon0.13.0any
lightning_network_daemon_projectlightning_network_daemon0.13.0any
lightning_network_daemon_projectlightning_network_daemon0.13.0any
lightning_network_daemon_projectlightning_network_daemon0.13.0any
lightning_network_daemon_projectlightning_network_daemon0.13.0any
lightning_network_daemon_projectlightning_network_daemon0.13.0any
lightning_network_daemon_projectlightning_network_daemon0.13.1any
lightning_network_daemon_projectlightning_network_daemon0.13.1any
lightning_network_daemon_projectlightning_network_daemon0.13.1any
lightning_network_daemon_projectlightning_network_daemon0.13.2any
lightning_network_daemon_projectlightning_network_daemon0.13.3any

References 6

  • bitcoinmagazine.com https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
    Press/Media CoverageThird Party Advisory
  • github.com https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
    Release NotesThird Party Advisory
  • github.com https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta
    Third Party Advisory
  • lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html
    Mailing ListVendor Advisory
  • lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html
    Mailing ListVendor Advisory
  • lists.linuxfoundation.org https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html
    ExploitMailing ListVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.