GHSA-M974-XJ4J-7QV5 Boxo bitswap/server: DOS unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting untrusted connections with the...

PT-2023-20166 · Boxo · Boxo

Name of the Vulnerable Software and Affected Versions: Boxo versions 0.4.0 through 0.5.0 Description: An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory by sending many WANT BLOCK and or WANT HAVE requests which are queued in an unbounded queue, with allocatio...