Background
CVE-2020-26895 was fully disclosed on Oct 20, 2020.
LND v0.10.0-beta, released on April 29, 2020, fixed this vulnerability.
Description of vulnerability
A high S signature causes signature malleability related to ECDSA signature encoding. To fix signature malleability, Low S signatures are proposed in BIP-0146, and high S signatures are no longer accepted by btccore.
Affected Component
OBD core, client sdk
Platform
All
Proof-of-concept
CVE-2020-26895 fully disclosed this vulnerability.
Vulnerability reproduction output
N/A
Fix
On the OBD node, if a signature passed from the client to ECDSA verification does not pass the Low S value check and is not an empty byte array, the entire script evaluates to false immediately. OBD shall reject this signature.
Reference
BIP-0146
CVE-2020-26895
Low S signature to fix
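
The Low S check described under Fix, as an added Go example that is not OBD's or LND's own code. `CheckLowS` and `ErrHighS` are hypothetical names, the input is assumed to be the DER signature without a trailing sighash byte, and the sample values are constructed.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 group order n, and n/2: the largest S value that counts as "low".
var (
	curveN, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
	halfN     = new(big.Int).Rsh(curveN, 1)
)

// ErrHighS marks a signature whose S is above n/2.
var ErrHighS = errors.New("high S signature rejected")

// ecdsaSig mirrors the DER structure SEQUENCE { INTEGER r, INTEGER s }.
type ecdsaSig struct{ R, S *big.Int }

// CheckLowS (hypothetical helper, not an OBD or LND API) applies the rule from
// the Fix section. Assumes der holds only the DER signature (no sighash byte).
func CheckLowS(der []byte) error {
	if len(der) == 0 {
		return nil // empty byte array: not a Low S violation
	}
	var sig ecdsaSig
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil || len(rest) != 0 {
		return errors.New("malformed DER signature")
	}
	if sig.R.Sign() <= 0 || sig.S.Sign() <= 0 || sig.R.Cmp(curveN) >= 0 || sig.S.Cmp(curveN) >= 0 {
		return errors.New("r or s outside [1, n-1]")
	}
	if sig.S.Cmp(halfN) > 0 {
		return ErrHighS
	}
	return nil
}

func main() {
	// Constructed sample values, not a real signature; (r, n-s) is the malleated twin of (r, s).
	r, s := big.NewInt(12345), big.NewInt(67890)
	low, _ := asn1.Marshal(ecdsaSig{R: r, S: s})
	high, _ := asn1.Marshal(ecdsaSig{R: r, S: new(big.Int).Sub(curveN, s)})
	fmt.Println("low S: ", CheckLowS(low))
	fmt.Println("high S:", CheckLowS(high))
}
```

An empty signature returns nil here only because it is exempt from the Low S rule; it still fails ECDSA verification in the caller.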