GO-2023-1766 Denial of service from memory leak in github.com/ipfs/go-libipfs

An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory...

CVE-2023-25568

CVE-2023-25568 affects Boxo (formerly go-libipfs) Bitswap/server. In Boxo versions 0.4.0 and 0.5.0, an attacker can allocate unbounded bytes in the Bitswap server, with allocations persisting after the connection closes, impacting users accepting untrusted connections and users importing old bits...