Go modules package
github.com/libp2p/go-libp2p
pkg:golang/github.com/libp2p/go-libp2p
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40583 | — | < 0.27.4 | 0.27.4 | Aug 25, 2023 | libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garb | ||
| CVE-2023-39533 | — | < 0.27.8 | 0.27.8 | Aug 8, 2023 | go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability | ||
| CVE-2022-23492 | — | < 0.18.0 | 0.18.0 | Dec 8, 2022 | go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the |
- CVE-2023-40583Aug 25, 2023affected < 0.27.4fixed 0.27.4
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garb
- CVE-2023-39533Aug 8, 2023affected < 0.27.8fixed 0.27.8
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability
- CVE-2022-23492Dec 8, 2022affected < 0.18.0fixed 0.18.0
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the