6 matches found
Denial Of Service (DoS)
github.com/ipld/go-codec-dagpb is vulnerable to denial of service. The vulnerability exists when the dag-pb codec decodes an invalid block, which allows an attacker to cause an application crash...
CVE-2022-2584 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
The dag-pb codec can panic when decoding invalid blocks...
Denial Of Service (DoS)
go-ipfs is vulnerable to denial of service. The use of the go-codec-dagpb dependency with an issue allows external users who download or export data to traverse certain malformed graphs and cause an application crash...
GHSA-MCQ2-W56R-5W2W Daemon panics when processing certain blocks
Impact: go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash, leading to denial-of-service risks. This particularly...
GHSA-G3VV-G2J5-45F2 ipld/go-codec-dagpb panics when processing certain blocks
Impact: Decoding certain blocks using the go-ipld-prime version of the dag-pb codec go-codec-dagpb can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then it’s a buffer overread. Patches: The issue is...
ipld/go-codec-dagpb panics when processing certain blocks
Impact: Decoding certain blocks using the go-ipld-prime version of the dag-pb codec go-codec-dagpb can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then it’s a buffer overread. Patches: The issue is...