{"id":"GO-2022-1098","summary":"Denial of service in message decoding in github.com/btcsuite/btcd","details":"Erroneous message decoding can cause denial of service.\n\nImproper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd (before 0.15.2-beta) to sync.","aliases":["CVE-2022-44797","GHSA-2chg-86hq-7w38"],"modified":"2024-05-20T16:03:47Z","published":"2022-11-08T16:49:06Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2022-1098"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-2chg-86hq-7w38"},{"type":"REPORT","url":"https://github.com/lightningnetwork/lnd/issues/7002"},{"type":"FIX","url":"https://github.com/btcsuite/btcd/pull/1896/commits/f523d4ccaa5f34a2f761f16a05f5d6e6665b1168"},{"type":"WEB","url":"https://github.com/btcsuite/btcd/releases/tag/v0.23.2"}],"affected":[{"package":{"name":"github.com/btcsuite/btcd","ecosystem":"Go","purl":"pkg:golang/github.com/btcsuite/btcd"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.23.2"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/btcsuite/btcd/wire","symbols":["MsgBlock.BtcDecode","MsgBlock.Deserialize","MsgBlock.DeserializeNoWitness","MsgBlock.DeserializeTxLoc","MsgTx.BtcDecode","MsgTx.Deserialize","MsgTx.DeserializeNoWitness","ReadMessage","ReadMessageN","ReadMessageWithEncodingN"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-1098.json"}}],"schema_version":"1.7.3","credits":[{"name":"rsafier (Github user)"},{"name":"Roasbeef (Github user)"}]}