Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Package
Affected versions
< 0.17.0-beta
Patched versions
0.17.0-beta
Description
Published to the GitHub Advisory Database
Jun 20, 2024
Reviewed
Jun 20, 2024
Published by the National Vulnerability Database
Jun 20, 2024
Last updated
Nov 18, 2024
Impact
A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation.
Patches
The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected.
References
Detailed blog post: https://morehouse.github.io/lightning/lnd-onion-bomb/
Developer discussion: https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979
References