Vulnerability Report: GO-2022-1098

CVE-2022-44797, GHSA-2chg-86hq-7w38
Affects: github.com/btcsuite/btcd
Published: Nov 08, 2022
Modified: Jun 12, 2023

Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd (before 0.15.2-beta) to sync.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-2chg-86hq-7w38.

Affected Packages

Path

Versions

Symbols
github.com/btcsuite/btcd/wire

before v0.23.2
10 affected symbols

Aliases

CVE-2022-44797
GHSA-2chg-86hq-7w38

References

https://github.com/advisories/GHSA-2chg-86hq-7w38
https://github.com/lightningnetwork/lnd/issues/7002
https://github.com/btcsuite/btcd/pull/1896/commits/f523d4ccaa5f34a2f761f16a05f5d6e6665b1168
https://github.com/btcsuite/btcd/releases/tag/v0.23.2
https://vuln.go.dev/ID/GO-2022-1098.json

Credits

rsafier (Github user)Roasbeef (Github user)

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL