LND Versions Prior to v0.17.0 Vulnerable to LND Onion Bomb DoS Attack

"If you are running an LND release older than this, your funds are at risk! Update to at least v0.17.0 to protect your node."

LND Versions Prior to v0.17.0 Vulnerable to LND Onion Bomb DoS Attack
  • "LND versions prior to 0.17.0 are vulnerable to a DoS attack where malicious onion packets cause the node to instantly run out of memory (OOM) and crash," announced Lightning Network security researcher and developer and OpenSats and Spiral grantee Matt Morehouse.

Morehouse further explains why it is critical that users update to at least LND v0.17.0:

  • The attack is cheap and easy to carry out and will keep the victim offline for as long as it lasts.
  • The source of the attack is concealed via onion routing. The attacker does not need to connect directly to the victim.
  • Prior to LND 0.17.0, all nodes are vulnerable. The fix was not backported to the LND 0.16.x series or earlier.

The attack

  • "It is trivial for an attacker to craft an onion packet that contains an encoded length of UINT32_MAX for the victim’s forwarding instructions. If the victim’s node has less than 4 GB of memory available, it will OOM crash instantly upon receiving the attacker’s packet," states Morehouse.

He further explains that LND nodes with more than 4GB of RAM are not safe from the attack:

"The attacker can send many malicious packets simultaneously. If the victim processes enough malicious packets before the garbage collector kicks in, an OOM will still occur. And since LND decodes onion packets in parallel, it is not difficult for an attacker to beat the garbage collector. In my experiments I was able to consistently crash nodes with up to 128 GB of RAM in just a few seconds."

Full Disclosure / Archive