Internet Bug Bounty: GarlicRust - heartbleed style vulnerability in major I2P C++ router implementations

Brief ----- I2pd and kovri are both C++ I2P routers that share the same code base, as kovri was forked from i2pd several years ago. The vulnerability lies in a common code piece, making both implementations vulnerable, as was acknowledged by orignal, the main developer of i2pd. The vulnerability ...

Monero: Kovri: potential buffer over-read in garlic clove handling + I2NP message creation

Brief ----- There is a lack of sanitation checks when handling Garlic messages in the kovri I2P router. Sending a specially crafted Garlic message can cause the router to send onward an I2P message containing leaked RAM data, triggering a massive information leakage. Technical Details: ==========...