AZL-37422 CVE-2023-39533 affecting package golang for versions less than 1.21.6-1

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

PT-2023-27004 · Go-Libp2P · Go-Libp2P

Name of the Vulnerable Software and Affected Versions: go-libp2p versions prior to 0.27.8 go-libp2p versions prior to 0.28.2 go-libp2p versions prior to 0.29.1 Description: A malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature...

UBUNTU-CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...