CVE-2020-26895

{"id": "CVE-2020-26895", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-10-21T02:15:12.660", "references": [{"url": "https://gist.github.com/ariard/fb432a9d2cd3ba24fdc18ccc8c5c6eb4", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations."}, {"lang": "es", "value": "Antes de la versi\u00f3n 0.10.0-beta, el LND (Lightning Network Daemon) habr\u00eda aceptado una firma de contrapartida de alta-S y transmitido transacciones de compromiso local/HTLC inv\u00e1lidas de retransmisi\u00f3n tx. Esto puede ser explotado por cualquier par con un canal abierto, independientemente de la situaci\u00f3n de la v\u00edctima (por ejemplo, nodo de enrutamiento, pagador-receptor o pagador-emisor). El impacto es una p\u00e9rdida de fondos en ciertas situaciones"}], "lastModified": "2020-10-30T19:17:15.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C806B233-215F-4084-8593-955A1407FC24"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8A336E-FB18-4249-8692-78360BF46ECF"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1C6DF0D-51A5-4C97-9A5A-45C728395193"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "029AC422-BD2C-492B-BEFC-51609F2669C4"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B146A72F-0E21-40AC-A822-70D43E927AEB"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78681B98-6A34-4052-9D8A-66C50C4AB689"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9658AB1-6590-4D94-84F3-E4CD291C127C"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "433D9C37-77EE-48CC-B7CE-81F430B05EA5"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76EB9B7B-0978-45B7-9AEE-C24B9D247A00"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B2A426-190A-4968-A5A0-FF129317E0E1"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2431C53-AB13-4203-80F6-4AB915C8ADBE"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B6F9135-0553-4B11-AC98-AC745DDFF03B"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74CB5F88-DDD2-4FEF-81E5-D9696E06FD21"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D41220F2-D900-48A9-9328-95DE340A7B51"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF01EEA5-E7B8-4F8F-BD23-9D06036A5F40"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9047955C-DF64-4E86-A731-E37F1830DD2F"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E32A8035-28FD-4888-99CC-BEFC7E20AD31"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28A504C-80CF-4E79-8674-AA097A19F9E6"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8B53F63-E9B6-49AB-9418-E16EF23BDE16"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A87FD870-754A-4167-AF21-3986E4A0BAF6"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "054B141D-B389-4FB7-BE0E-D1D487EBE0E0"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "895EB24D-00D4-4B67-AB5B-16101652FCD4"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25AB5F82-9C4D-41AC-9FB0-B76D39E9EF20"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0E83B03-6414-41D7-9F2B-1C07E8A18640"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E089FE96-A770-4911-8237-311110C11830"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22E617BA-4449-490E-B0F9-B532AA6EABA1"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16819283-EDE0-4414-BE6F-402F90E28662"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C02718A4-09D0-4850-B06C-C46C70BD6E3C"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63E8A06A-03CE-4E65-B808-737951FDE894"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83203CF6-9E9A-44EA-894C-AF1EA8A2FD72"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2E7AEE3-A6B1-4AAC-825E-143318600E43"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FDEE520-4686-4DD2-93AD-176514836526"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A9A39B1-E7FC-47E1-A19C-5CF8B180A377"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "920FAC21-00D8-408B-9371-7F0F17B75D10"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064AFCE6-B8FE-4213-BEF6-C1749F5D108D"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2757E731-97D4-4F32-8526-9E98A2E309E4"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EEF60FF-01B5-4112-A29A-89ADF6D9398C"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE6C68BC-BF65-4DEF-82A3-D4B7DF0E152E"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DCD2B37-8BA7-4588-9302-2E02D2C82A66"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A85DF0B-DDC2-4D88-8288-AB9BDBFF8C8C"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEA29F2A-41FC-411D-9870-414DED92403A"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAB8D1AF-6FCD-41E5-89E0-BE4AD9935718"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A49E923C-86E0-411E-90F7-84829D773BC3"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A59417E-1206-42A8-B06A-857FE7419835"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C2AE7AD-2056-4411-8E64-DC07B90FDD88"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C55FA144-972F-4614-B344-F733C5DC9ACA"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "422108E5-3C8E-4101-9664-B39564C34DC5"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D853D090-E408-4BE7-A28C-18BFB328AC41"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91EDB73-AD09-47A2-87F7-AB7CA80CBAF2"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F032C09F-555B-4726-AF31-3E26A337222F"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D0927FD-C0FD-474F-8F4C-A2C41D8BF08E"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "351537F0-84DE-4EB2-AF66-1F547B0ECAC2"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDA39AA1-3C63-4CA3-BD91-A1870FCB53F7"}, {"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A9F188-EF5C-44E7-9893-B81AA851B203"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}