Lightning Network reports vulnerabilities that could lead to a loss of funds
Lightning Network’s Common Vulnerabilities and Exposures [CVE] page has informed that the network was facing an issue which “could cause a loss of funds.” The details regarding the issues will be updated four weeks from now i.e. September 27, according to Rusty Russell on a blog post.
The affected CVEs are,
CVE-2019-12998 c-lightning < 0.7.1
CVE-2019-12999 lnd < 0.7
CVE-2019-13000 eclair <= 0.3
“Security issues have been found in various lightning projects which could cause loss of funds. Full details will be released in 4 weeks (2019-09-27), please uprade well before then.”
The full details about the same will be released at a later date once the bugs/issues are fixed. Speaking to AMBCrypto, Adam Back, CEO and Co-founder of Blockstream, stated that version 0.7.1 was released in the beginning of July and that people had nearly three months to upgrade.
“It is good practice for security critical products, and the Bitcoin ecosystem norm to use responsible disclosure where details are released to security reporting process of the product, and for the full details to be released publicly after people have had reasonable notice to upgrade to the fixed version.”