VYPR

Go modules package

github.com/libp2p/go-libp2p

pkg:golang/github.com/libp2p/go-libp2p

Vulnerabilities (3)

  • CVE-2023-40583Aug 25, 2023
    affected < 0.27.4fixed 0.27.4

    libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garb

  • CVE-2023-39533Aug 8, 2023
    affected < 0.27.8fixed 0.27.8

    go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability

  • CVE-2022-23492Dec 8, 2022
    affected < 0.18.0fixed 0.18.0

    go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the