10 matches found
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
EUVD-2023-1578
Malicious code in bioql PyPI...
GO-2023-1766 Denial of service from memory leak in github.com/ipfs/go-libipfs
An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory...
GHSA-M974-XJ4J-7QV5 Boxo bitswap/server: DOS unbounded persistent memory leak
Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting untrusted connections with the...
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
Design/Logic Flaw
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
IPFS Boxo 安全漏洞
IPFS Boxo is a library for building IPFS applications and implementations from IPFS, Inc. A security vulnerability exists in Boxo version 0.4.0, 0.5.0. An attacker exploiting this vulnerability is able to allocate arbitrarily many bytes in a Bitswap server...
CVE-2023-25568
CVE-2023-25568 affects Boxo (formerly go-libipfs) Bitswap/server. In Boxo versions 0.4.0 and 0.5.0, an attacker can allocate unbounded bytes in the Bitswap server, with allocations persisting after the connection closes, impacting users accepting untrusted connections and users importing old bits...
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...