Vulnerability Details : CVE-2022-44797
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
Products affected by CVE-2022-44797
- cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:*When used together with: Lightning Network Daemon Project » Lightning Network Daemon
Exploit prediction scoring system (EPSS) score for CVE-2022-44797
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-44797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2022-44797
-
https://github.com/btcsuite/btcd/releases/tag/v0.23.2
Release btcd v0.23.2 · btcsuite/btcd · GitHubRelease Notes;Third Party Advisory
-
https://github.com/btcsuite/btcd/pull/1896
wire: remove erroneous witness size check in wire parsing by Roasbeef · Pull Request #1896 · btcsuite/btcd · GitHubPatch;Third Party Advisory
-
https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta
Release lnd v0.15.2-beta · lightningnetwork/lnd · GitHubRelease Notes;Third Party Advisory
-
https://github.com/lightningnetwork/lnd/issues/7002
[bug]: Fail to chain sync on `testnet3` & `mainnet` errors relating to: script witness item is larger than the max allowed size · Issue #7002 · lightningnetwork/lnd · GitHubExploit;Issue Tracking;Third Party Advisory
Jump to