Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Antoine Riard

Oct 17, 2023/18:47 UTC

In a recent email, the sender apologizes for a typo and acknowledges that English is not their native language. They mention a previous email from August 11, 2023, where they discussed conducting experiments related to Lightning infrastructure vulnerabilities.

The sender expresses their willingness to participate in these experiments and suggests adjusting the disclosure date based on the learnings gained. However, they note that the number of experts worldwide who have the necessary knowledge and understanding of Lightning is limited to those listed on the disclosure emails. Additionally, at the time of the email, there were other undisclosed security issues, such as the "fake channel DoS vector" revealed on August 23, 2023.

Due to these factors, the experiments mentioned were not conducted.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback