VYPR

Go Libp2p

by Libp2p

CVEs (4)

  • CVE-2026-52878 hig Jun 5, 2026
    risk 0.38 cvss epss 0.00

    Summary: Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator `txVersionChecker.CheckTxVersion` dereferences `tx.RawData.Version` with no nil check. A protobuf…

  • CVE-2023-40583 Aug 25, 2023
    risk 0.00 cvss epss 0.01

    libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get…

  • CVE-2023-39533 Aug 8, 2023
    risk 0.00 cvss epss 0.01

    go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This…

  • CVE-2022-23492 Dec 8, 2022
    risk 0.00 cvss epss 0.01

    go-libp2p is the official libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause…