5 matches found
CVE-2026-35457
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
CVE-2026-35457 libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
rust-libp2p 安全漏洞
rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.17.1 contained a security vulnerability. This vulnerability stemmed from the lack of boundary settings when the meeting server stored paginated cookies, allowing unauthenticated peer...
GHSA-V5HW-CV9C-RPG7 libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion
Summary The rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. Details Pagination state is stored in: rs HashMap On Message::Discover: remote peer → DISCOVER → handlerequest →...
PT-2026-30338
Name of the Vulnerable Software and Affected Versions libp2p-rendezvous affected versions not specified Description The rendezvous server stores pagination cookies without bounds, leading to unbounded memory growth. An unauthenticated peer can repeatedly issue DISCOVER requests to exploit this...