LND Onion Bomb
Severity: High| Affected Product | Affected Versions | Patched Versions |
|---|---|---|
| lnd | < 0.17.0-beta | 0.17.0-beta |
Impact
A parsing vulnerability in lnd’s onion processing logic led to a DoS vector due to excessive memory allocation.
Patches
The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected.
References
Detailed blog post: https://morehouse.github.io/lightning/lnd-onion-bomb/
Developer discussion: https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979