CVE-2024-34694

Published: Jun 14, 2024Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: security-advisories@github.com (Secondary)

Description

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. This vulnerability is fixed in 0.12.6.

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://github.com/lnbits/lnbits/security/advisories/GHSA-3j4h-h3fp-vwww

Source: security-advisories@github.com

https://github.com/lnbits/lnbits/security/advisories/GHSA-3j4h-h3fp-vwww

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.