7 matches found
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
GHSA-QVQG-6RP8-4P9H github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...
GHSA-Q3J6-22WF-3JH9 github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...
CVE-2023-25568
creationtimestamp| type| source ---|---|--- 2023-05-10 20:42:01+00:00| seen| https://t.me/cibsecurity/63768...
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
CVE-2023-25568
CVE-2023-25568 affects Boxo (formerly go-libipfs) Bitswap/server. In Boxo versions 0.4.0 and 0.5.0, an attacker can allocate unbounded bytes in the Bitswap server, with allocations persisting after the connection closes, impacting users accepting untrusted connections and users importing old bits...