CVE-2022-44797 - OpenCVE

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Btcd Project	Btcd
Lightning Network Daemon Project	Lightning Network Daemon

Configuration 1 [-]

AND

cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:*

cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/btcsuite/btcd/pull/1896	Patch Third Party Advisory
https://github.com/btcsuite/btcd/releases/tag/v0.23.2	Release Notes Third Party Advisory
https://github.com/lightningnetwork/lnd/issues/7002	Exploit Issue Tracking Third Party Advisory
https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta	Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-07T00:00:00

Updated: 2022-11-07T00:00:00

Reserved: 2022-11-07T00:00:00

Link: CVE-2022-44797

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-07T04:15:09.650

Modified: 2022-11-14T18:25:33.807

Link: CVE-2022-44797

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E378CBBF-D617-43FF-B5C4-E3A0204F1039", "versionEndExcluding": "0.23.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:*:*:*:*:*:*:*:*", "matchCriteriaId": "549EFCEE-BB9C-4E12-9C15-BDBCF9A1792B", "versionEndExcluding": "0.15.2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking."}, {"lang": "es", "value": "btcd anterior a 0.23.2, como se usa en Lightning Labs lnd anterior a 0.15.2-beta y otros productos relacionados con Bitcoin, maneja mal la verificaci\u00f3n del tama\u00f1o de los testigos."}], "id": "CVE-2022-44797", "lastModified": "2022-11-14T18:25:33.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-07T04:15:09.650", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/btcsuite/btcd/pull/1896"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/btcsuite/btcd/releases/tag/v0.23.2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/lightningnetwork/lnd/issues/7002"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}