180 matches found

Prion
added 2020/11/02 9:15 p.m. | 11 views

Code injection

An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...

CVSS 5 | AI score 7.5 | EPSS 0.01147
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/11/02 4:53 p.m. | 33 views

CVE-2020-10937

An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...

AI score 7.4 | EPSS 0.01147
Exploits 0 | References 2
CVE
added 2020/11/02 4:53 p.m. | 42 views

CVE-2020-10937

CVE-2020-10937 affects IPFS (go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and abuse the IPFS connection management reputation system to poison routing tables, allowing eclipse of target nodes from the network. The primary details in the sources indicate this is a networ...

CVSS 7.5 | AI score 7.4 | EPSS 0.01147
Exploits 0 | References 2 | Affected Software 1
OSV
added 2020/09/02 9:50 p.m. | 11 views

GHSA-6FCR-9H9G-23FQ Denial of Service in ipfs-bitswap

Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package puts unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions. Recommendation: Upgrade to version 0.24.1 or later...

CVSS 5.9 | AI score 7
Exploits 0 | References 4
Github Security Blog
added 2020/09/02 9:50 p.m. | 40 views

Denial of Service in ipfs-bitswap

Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package puts unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions. Recommendation: Upgrade to version 0.24.1 or later...

AI score 4.4
Exploits 0 | References 4 | Affected Software 1
ossfuzz
added 2020/08/30 4:27 p.m. | 14 views

ipfs:ipfs_ds_flatfs: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5141448788541440
Project: ipfs
Fuzzing Engine: libFuzzer
Fuzz Target: ipfs_ds_flatfs
Job Type: libfuzzer_asan_ipfs
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00001c3161ef
Crash State: NULL
Sanitizer: address (ASAN)
Recommended Securit...

AI score 6.8
Exploits 0 | Affected Software 1
ossfuzz
added 2020/07/14 3:14 a.m. | 18 views

ipfs:ipfs_ds_flatfs: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5745157048369152
Project: ipfs
Fuzzing Engine: libFuzzer
Fuzz Target: ipfs_ds_flatfs
Job Type: libfuzzer_asan_ipfs
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00003a0bd224
Crash State: NULL
Sanitizer: address (ASAN)
Recommended Securit...

AI score 6.8
Exploits 0 | Affected Software 1
Veracode
added 2020/07/13 3:31 a.m. | 12 views

Denial Of Service (DoS)

ipfs-bitswap is vulnerable to denial of service (DoS). The library does not ignore the unwanted blocks from the block store during the invocation of multiple functions, allowing a malicious user to cause an application crash...

AI score 3
Exploits 0
ossfuzz
added 2020/06/24 8:42 a.m. | 15 views

ipfs:ipfs_ds_badger2: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=4913800225751040
Project: ipfs
Fuzzing Engine: libFuzzer
Fuzz Target: ipfs_ds_badger2
Job Type: libfuzzer_asan_ipfs
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000201320
Crash State: NULL
Sanitizer: address (ASAN)
Recommended Securi...

AI score 6.8
Exploits 0 | Affected Software 1
ossfuzz
added 2020/06/06 5:09 p.m. | 23 views

ipfs:ipfs_ds_flatfs: Null-dereference READ in _cgo_try_pthread_create

Detailed Report: https://oss-fuzz.com/testcase?key=5714274837331968
Project: ipfs
Fuzzing Engine: libFuzzer
Fuzz Target: ipfs_ds_flatfs
Job Type: libfuzzer_asan_ipfs
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State: _cgo_try_pthread_create
Sanitizer: address...

AI score 6.8
Exploits 0 | Affected Software 1
Node.js
added 2019/06/03 9:52 p.m. | 18 views

Denial of Service

Overview: Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package puts unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions. Recommendation: Upgrade to version 0.24.1 or later. References: GitHub PR, Snyk...

AI score 6.8
Exploits 0 | Affected Software 1
vulnersOsv
added 2019/02/18 11:54 p.m. | 4 views

@dapp-stack/ipfs (>=0.1.0 <=0.5.0), @dapp-stack/scripts (>=0.1.0 <=0.3.0) +6 more potentially affected by CVE-2016-10563 via go-ipfs-dep (>=0.4.0-1 <=0.4.3-2)

go-ipfs-dep NPM version: =0.4.0-1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.0, =0.4.0-hacky2, =0.9.0, =1.0.0, =1.6.0
Source CVEs: CVE-2016-10563
Source advisory: OSV:GHSA-G3XP-V2FF-X5C3...

CVSS 8.1 | AI score 7.2 | EPSS 0.00773
Exploits 0
OSV
added 2019/02/18 11:54 p.m. | 19 views

GHSA-G3XP-V2FF-X5C3 Downloads Resources over HTTP in go-ipfs-dep

Affected versions of go-ipfs-deps insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 8.1 | AI score 8.1 | EPSS 0.00773
Exploits 0 | References 4
Github Security Blog
added 2019/02/18 11:54 p.m. | 19 views

Downloads Resources over HTTP in go-ipfs-dep

Affected versions of go-ipfs-deps insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 8.1 | AI score 5.6 | EPSS 0.00773
Exploits 0 | References 4 | Affected Software 1
NVD
added 2018/05/31 8:29 p.m. | 12 views

CVE-2016-10563

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise...

CVSS 8.1 | AI score 8 | EPSS 0.00773
Exploits 0 | References 2
Prion
added 2018/05/31 8:29 p.m. | 14 views

Design/Logic Flaw

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise...

CVSS 6.8 | AI score 7 | EPSS 0.00773
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2018/05/31 8:00 p.m. | 17 views

CVE-2016-10563

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise...

AI score 8 | EPSS 0.00773
Exploits 0 | References 2
CVE
added 2018/05/31 8:00 p.m. | 46 views

CVE-2016-10563

CVE-2016-10563 concerns the go-ipfs-deps package, where versions before 0.4.4 download resources over HTTP. The root cause is insecure HTTP downloads that enable a MITM attacker to modify or read resources, compromising integrity and potentially enabling further impact, including remote code exec...

CVSS 8.1 | AI score 7.9 | EPSS 0.00773
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2017/06/21 5:03 a.m. | 7 views

Arbitrary Redirects

github.com/ipfs/go-ipfs is vulnerable to arbitrary redirects. There is no validation of the X-Ipfs-Path-Prefix header, which allows attackers to pass in arbitrary prefixes, resulting in arbitrary redirects and directory listings...

AI score 6.8
Exploits 0
Veracode
added 2016/12/19 8:34 a.m. | 16 views

Man In The Middle (MitM)

go-ipfs-dep is vulnerable to man-in-the-middle (MitM) attacks because the library downloads binaries via HTTP. This may also lead to remote code execution (RCE) if the requested binary is swapped for an attacker-controlled binary by an attacker who is on the network or...

CVSS 8.1 | AI score 8.3 | EPSS 0.00773
Exploits 0 | References 3 | Affected Software 1