Ipld
Products
8- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 0 CVEs
- 0 CVEs
- 0 CVEs
- 0 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35457 | Hig | 0.53 | 8.2 | 0.00 | Apr 7, 2026 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This… | ||
| CVE-2026-35405 | Hig | 0.49 | 7.5 | 0.00 | Apr 7, 2026 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the… | ||
| CVE-2026-33040 | Hig | 0.49 | 7.5 | 0.00 | Mar 20, 2026 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially… | ||
| CVE-2023-22460 | Hig | 0.42 | 7.5 | 0.01 | Jan 4, 2023 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes… | ||
| CVE-2022-2584 | Hig | 0.42 | 7.5 | 0.01 | Dec 27, 2022 | The dag-pb codec can panic when decoding invalid blocks. | ||
| CVE-2026-34219 | Med | 0.38 | 5.9 | 0.00 | Mar 31, 2026 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an… | ||
| CVE-2026-42328 | Med | 0.33 | 6.2 | 0.00 | May 27, 2026 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on… | ||
| CVE-2026-35480 | Med | 0.33 | 6.2 | 0.00 | Apr 7, 2026 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes… |
- risk 0.53cvss 8.2epss 0.00
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This…
- risk 0.49cvss 7.5epss 0.00
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the…
- risk 0.49cvss 7.5epss 0.00
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially…
- risk 0.42cvss 7.5epss 0.01
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes…
- risk 0.42cvss 7.5epss 0.01
The dag-pb codec can panic when decoding invalid blocks.
- risk 0.38cvss 5.9epss 0.00
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an…
- risk 0.33cvss 6.2epss 0.00
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on…
- risk 0.33cvss 6.2epss 0.00
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes…