12 matches found
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
EUVD-2023-1578
Malicious code in bioql PyPI...
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...
GHSA-Q3J6-22WF-3JH9 github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
Design/Logic Flaw
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
PT-2023-20166 · Boxo · Boxo
Name of the Vulnerable Software and Affected Versions: Boxo versions 0.4.0 through 0.5.0 Description: An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory by sending many WANT BLOCK and or WANT HAVE requests which are queued in an unbounded queue, with allocatio...
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
IPFS Boxo 安全漏洞
IPFS Boxo is a library for building IPFS applications and implementations from IPFS, Inc. A security vulnerability exists in Boxo version 0.4.0, 0.5.0. An attacker exploiting this vulnerability is able to allocate arbitrarily many bytes in a Bitswap server...
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
CVE-2023-25568
CVE-2023-25568 affects Boxo (formerly go-libipfs) Bitswap/server. In Boxo versions 0.4.0 and 0.5.0, an attacker can allocate unbounded bytes in the Bitswap server, with allocations persisting after the connection closes, impacting users accepting untrusted connections and users importing old bits...
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...