I'm gone for 2 days and your nym gets yanked from the footer and Scoresby's is there? Is this what I think it is?

![](https://m.stacker.news/120860)

Thank you, added them to [my list](https://github.com/ekzyis/lightning-vulns)

One denial-of-service and two theft-of-funds vulnerabilities were fixed in LND 0.19.0. Users should immediately upgrade to 

Large internal queue sizes and an unrestricted incoming connection policy enabled attackers to quickly exhaust LND’s available memory and cause it to crash or hang.

More details are provided in the corresponding 

 excessive failback bug could still be exploited to steal funds from LND nodes. The variant was discovered while drafting an 

 to BOLT 5 that was intended to help prevent similar vulnerabilities in the future.

Weaknesses in LND’s sweeper system enabled an attacker to stall LND’s attempts at claiming expired HTLCs on chain. After stalling for 80 blocks, the attacker could steal essentially the entire channel balance. This vulnerability was discovered during code review of LND’s sweeper rewrite in 2024.

lightning

> *by morehouse*
>
> One denial-of-service and two theft-of-funds vulnerabilities were fixed in LND 0.19.0. Users should immediately upgrade to [LND 0.19.0](https://github.com/lightningnetwork/lnd/releases/tag/v0.19.0-beta) or later protect their funds.
>
> ## The Infinite Inbox DoS
> Large internal queue sizes and an unrestricted incoming connection policy enabled attackers to quickly exhaust LND’s available memory and cause it to crash or hang.
>
> More details are provided in the corresponding [blog post](https://morehouse.github.io/lightning/lnd-infinite-inbox-dos/).
>
> ## The Excessive Failback Exploit #2
> A variant of the [previously disclosed](https://delvingbitcoin.org/t/disclosure-lnd-excessive-failback-exploit/1493) excessive failback bug could still be exploited to steal funds from LND nodes. The variant was discovered while drafting an [update](https://github.com/lightning/bolts/pull/1233) to BOLT 5 that was intended to help prevent similar vulnerabilities in the future.
>
> More details are provided in the corresponding [blog post](https://morehouse.github.io/lightning/lnd-excessive-failback-exploit-2/).
>
> ## The Replacement Stalling Attack
>Weaknesses in LND’s sweeper system enabled an attacker to stall LND’s attempts at claiming expired HTLCs on chain. After stalling for 80 blocks, the attacker could steal essentially the entire channel balance. This vulnerability was discovered during code review of LND’s sweeper rewrite in 2024.
>
> More details are provided in the corresponding [blog post](https://morehouse.github.io/lightning/lnd-replacement-stalling-attack/).

The Infinite Inbox DoSThe Infinite Inbox DoS

The Excessive Failback Exploit #2The Excessive Failback Exploit #2

The Replacement Stalling AttackThe Replacement Stalling Attack