{ "schema_version": "1.3.1", "id": "GO-2022-1098", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", "aliases": [ "CVE-2022-44797", "GHSA-2chg-86hq-7w38" ], "summary": "Denial of service in message decoding in github.com/btcsuite/btcd", "details": "Erroneous message decoding can cause denial of service.\n\nImproper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd (before 0.15.2-beta) to sync.", "affected": [ { "package": { "name": "github.com/btcsuite/btcd", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "0.23.2" } ] } ], "ecosystem_specific": { "imports": [ { "path": "github.com/btcsuite/btcd/wire", "symbols": [ "MsgBlock.BtcDecode", "MsgBlock.Deserialize", "MsgBlock.DeserializeNoWitness", "MsgBlock.DeserializeTxLoc", "MsgTx.BtcDecode", "MsgTx.Deserialize", "MsgTx.DeserializeNoWitness", "ReadMessage", "ReadMessageN", "ReadMessageWithEncodingN" ] } ] } } ], "references": [ { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-2chg-86hq-7w38" }, { "type": "REPORT", "url": "https://github.com/lightningnetwork/lnd/issues/7002" }, { "type": "FIX", "url": "https://github.com/btcsuite/btcd/pull/1896/commits/f523d4ccaa5f34a2f761f16a05f5d6e6665b1168" }, { "type": "WEB", "url": "https://github.com/btcsuite/btcd/releases/tag/v0.23.2" } ], "credits": [ { "name": "rsafier (Github user)" }, { "name": "Roasbeef (Github user)" } ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2022-1098", "review_status": "REVIEWED" } }