GO-2022-1098.yaml
modules:
  - module: github.com/btcsuite/btcd
    versions:
      - fixed: 0.23.2
    vulnerable_at: 0.23.1
    packages:
      - package: github.com/btcsuite/btcd/wire
        symbols:
          - MsgTx.BtcDecode
        derived_symbols:
          - MsgBlock.BtcDecode
          - MsgBlock.Deserialize
          - MsgBlock.DeserializeNoWitness
          - MsgBlock.DeserializeTxLoc
          - MsgTx.Deserialize
          - MsgTx.DeserializeNoWitness
          - ReadMessage
          - ReadMessageN
          - ReadMessageWithEncodingN
description: |
    Erroneous message decoding can cause denial of service.
    Improper checking of maximum witness size during node
    message decoding prevented nodes in Lightning Labs lnd
    (before 0.15.2-beta) from syncing.
cves:
  - CVE-2022-44797
ghsas:
  - GHSA-2chg-86hq-7w38
credit: rsafier and Roasbeef (GitHub aliases)
references:
  - advisory: https://github.com/advisories/GHSA-2chg-86hq-7w38
  - report: https://github.com/lightningnetwork/lnd/issues/7002
  - fix: https://github.com/btcsuite/btcd/pull/1896/commits/f523d4ccaa5f34a2f761f16a05f5d6e6665b1168
  - web: https://github.com/btcsuite/btcd/releases/tag/v0.23.2