Medium severity 5.3 · GHSA Advisory · Published Oct 25, 2024 · Updated Jun 17, 2026
CVE-2023-26248
Description
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/libp2p/go-libp2p-kad-dht (Go) | <= 0.20.0 | — |
Affected products
44 affected products

- Range: <= 0.20.0
- osv-coords (43 versions, no CPE for any entry):

| Package (purl) | Range |
|---|---|
| pkg:apk/chainguard/ipfs-cluster | < 0 |
| pkg:apk/chainguard/ipfs-cluster-fips | < 0 |
| pkg:apk/chainguard/k3s | < 0 |
| pkg:apk/chainguard/k3s-1.31 | < 1.31.6.1-r27 |
| pkg:apk/chainguard/k3s-1.32 | < 1.32.13.1-r22 |
| pkg:apk/chainguard/k3s-1.33 | < 1.33.13.1-r0 |
| pkg:apk/chainguard/k3s-1.34 | < 1.34.9.1-r1 |
| pkg:apk/chainguard/k3s-1.35 | < 1.35.6.1-r2 |
| pkg:apk/chainguard/k3s-static | < 0 |
| pkg:apk/chainguard/k3s-static-1.31 | < 1.31.6.1-r27 |
| pkg:apk/chainguard/k3s-static-1.32 | < 1.32.13.1-r22 |
| pkg:apk/chainguard/k3s-static-1.33 | < 1.33.13.1-r0 |
| pkg:apk/chainguard/k3s-static-1.34 | < 1.34.9.1-r1 |
| pkg:apk/chainguard/k3s-static-1.35 | < 1.35.6.1-r2 |
| pkg:apk/chainguard/kubo | < 0 |
| pkg:apk/chainguard/kubo-fips | < 0 |
| pkg:apk/chainguard/rke2-runtime-1.32 | < 1.32.13.2.2-r3 |
| pkg:apk/chainguard/rke2-runtime-1.33 | < 1.33.13.2.1-r1 |
| pkg:apk/chainguard/rke2-runtime-1.34 | < 1.34.9.2.1-r1 |
| pkg:apk/chainguard/rke2-runtime-1.35 | < 0 |
| pkg:apk/chainguard/rke2-runtime-1.36 | < 0 |
| pkg:apk/chainguard/rke2-runtime-fips-1.32 | < 1.32.13.2.2-r2 |
| pkg:apk/chainguard/rke2-runtime-fips-1.33 | < 1.33.13.2.1-r0 |
| pkg:apk/chainguard/rke2-runtime-fips-1.34 | < 1.34.9.2.1-r0 |
| pkg:apk/chainguard/rke2-runtime-fips-1.35 | < 1.35.6.2.1-r1 |
| pkg:apk/chainguard/rke2-runtime-fips-1.36 | < 1.36.1.2.2-r4 |
| pkg:apk/chainguard/spegel | < 0 |
| pkg:apk/chainguard/spegel-fips | < 0 |
| pkg:apk/wolfi/ipfs-cluster | < 0 |
| pkg:apk/wolfi/k3s | < 0 |
| pkg:apk/wolfi/k3s-1.32 | < 1.32.13.1-r22 |
| pkg:apk/wolfi/k3s-1.33 | < 1.33.13.1-r0 |
| pkg:apk/wolfi/k3s-1.34 | < 1.34.9.1-r1 |
| pkg:apk/wolfi/k3s-1.35 | < 1.35.6.1-r2 |
| pkg:apk/wolfi/k3s-static | < 0 |
| pkg:apk/wolfi/k3s-static-1.32 | < 1.32.13.1-r22 |
| pkg:apk/wolfi/k3s-static-1.33 | < 1.33.13.1-r0 |
| pkg:apk/wolfi/k3s-static-1.34 | < 1.34.9.1-r1 |
| pkg:apk/wolfi/k3s-static-1.35 | < 1.35.6.1-r2 |
| pkg:apk/wolfi/kubo | < 0 |
| pkg:apk/wolfi/spegel | < 0 |
| pkg:golang/github.com/libp2p/go-libp2p-kad-dht | <= 0.20.0 |
| pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed | < 0.0.20241213T205935-1.1 |
References
- github.com/advisories/GHSA-mqr9-hjr8-2m9w (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-26248 (ghsa, ADVISORY)
- arxiv.org/abs/2307.12212 (nvd, WEB)
- pkg.go.dev/vuln/GO-2024-3218 (ghsa, WEB)