js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2pβs connection, stream, peer, and memory management. An attacker can cause the allocation of...
7.5CVSS
7.5AI Score
0.001EPSS
@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get....
8.1CVSS
7.3AI Score
0.001EPSS