Vulnerability in Lightning implementations discovered

A vulnerability has been discovered in several Lightning implementations. This vulnerability can result in the loss of funds managed in Lightning applications.

The discovery was announced to the world via the Lightning mailing list, after which so-called Common Vulnerabilities and Exposures numbers were linked to the vulnerabilities. The CVEs for the Lightning implementations are:

CVE-2019-12998 for c-lightning, versions prior to 0.7 CVE-2019-12999 for lnd, versions prior to 0.7.1 CVE-2019-13000 for eclair, versions prior to 0.3

It has also become known that the vulnerability has actually been used in the wild. At the end of the month, the vulnerability will be published on CVE’s website, and more will become clear about what exactly went wrong.

This development once again emphasizes the importance of caution when it comes to new techniques. Lightning is still in an early phase, and has set limits for the credits that can be held in payment channels for a reason.

It is therefore important that everyone who has a Lightning node updates it to the latest version. Can’t get out of here? Please contact the developers of the specific implementation.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2024 Cryptocoin