Lucene search
PRIOn knowledge basePRION:CVE-2022-24759HistoryMar 17, 2022 - 5:15 p.m.
Code injection
2022-03-1717:15:00
PRIOn knowledge base
www.prio-n.com
2
0.001 Low
EPSS
Percentile
41.4%
@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| js-libp2p-noise | ge | 5.0.0 | |
| js-libp2p-noise | lt | 5.0.3 | |
| js-libp2p-noise | lt | 4.1.2 |
Related
osv
osv
Failure to validate signature during handshake
2022-03-18 18:57:53
CVE-2022-24759
2022-03-17 17:15:07
nvd
nvd
CVE-2022-24759
2022-03-17 17:15:07
cvelist
cvelist
veracode
veracode
Man In The Middle (MitM)
2022-03-22 08:09:45
github
github
Failure to validate signature during handshake
2022-03-18 18:57:53
cve
cve
CVE-2022-24759
2022-03-17 17:15:07