VYPR

Libp2p Gossipsub

by Ipld

Source repositories

CVEs (2)

  • CVE-2026-33040HigMar 20, 2026
    risk 0.49cvss 7.5epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially…

  • CVE-2026-34219MedMar 31, 2026
    risk 0.38cvss 5.9epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an…