CVE-2024-38359
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-38359 affects the Lightning Network Daemon (lnd). A parsing flaw in lnd's onion processing logic leads to excessive memory allocation, which creates a Denial of Service (DoS) vector. The vulnerability was patched in lnd version 0.17.0, and users are strongly recommended to upgrade to a version above 0.17.0 for protection. For those unable to upgrade, mitigations include setting the `--rejecthtlc` CLI flag, disabling forwarding on channels using the `UpdateChanPolicyCommand`, or disabling listening on a public network interface via the `--nolisten` flag.
Affected Products
- LND