Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.5 views

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2CVSS7AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2023/05/11 8:40 p.m.21 views

GHSA-QVQG-6RP8-4P9H github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...

5.3CVSS7.6AI score0.00856EPSS
Exploits0References4
OSV
OSV
added 2023/05/11 8:39 p.m.14 views

GHSA-Q3J6-22WF-3JH9 github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak

This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...

7.5CVSS7.6AI score0.00856EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/05/11 8:39 p.m.26 views

github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak

This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...

8.2CVSS6.2AI score0.00856EPSS
Exploits0References7Affected Software1
Circl
Circl
added 2023/05/10 8:42 p.m.21 views

CVE-2023-25568

creationtimestamp| type| source ---|---|--- 2023-05-10 20:42:01+00:00| seen| https://t.me/cibsecurity/63768...

8.2CVSS7.6AI score0.00856EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/10 12:0 a.m.8 views

CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2CVSS8.2AI score0.00856EPSS
Exploits0References4
CVE
CVE
added 2023/05/10 12:0 a.m.72 views

CVE-2023-25568

CVE-2023-25568 affects Boxo (formerly go-libipfs) Bitswap/server. In Boxo versions 0.4.0 and 0.5.0, an attacker can allocate unbounded bytes in the Bitswap server, with allocations persisting after the connection closes, impacting users accepting untrusted connections and users importing old bits...

8.2CVSS7.7AI score0.00856EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder