Lucene search
GoogleOSV:CVE-2022-24759HistoryMar 17, 2022 - 5:15 p.m.
CVE-2022-24759
2022-03-1717:15:07
Google
osv.dev
6
@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| js-libp2p-noise | eq | 5.0.2 | |
| js-libp2p-noise | eq | 5.0.1 | |
| js-libp2p-noise | eq | 5.0.0 |
Related
osv
osv
Failure to validate signature during handshake
2022-03-18 18:57:53
nvd
nvd
CVE-2022-24759
2022-03-17 17:15:07
cvelist
cvelist
veracode
veracode
Man In The Middle (MitM)
2022-03-22 08:09:45
github
github
Failure to validate signature during handshake
2022-03-18 18:57:53
cve
cve
CVE-2022-24759
2022-03-17 17:15:07
prion
prion
Code injection
2022-03-17 17:15:00