180 matches found
PT-2024-12089 · Ipfs +1 · Ipfs +1
Name of the Vulnerable Software and Affected Versions: go-libp2p-kad-dht versions 0.20.0 and earlier IPFS versions 0.18.1 and earlier Description: The issue allows an attacker to censor content in the InterPlanetary File System IPFS by exploiting the Kademlia DHT. This is done by generating many...
GO-2022-0873 Control character injection in console output in github.com/ipfs/go-ipfs
Control character injection in console output in github.com/ipfs/go-ipfs...
GO-2022-0779 Path traversal in github.com/ipfs/go-ipfs
Path traversal in github.com/ipfs/go-ipfs...
GO-2022-0418 Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs
Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs...
GO-2024-2779 Access Restriction Bypass in go-ipfs in github.com/ipfs/go-ipfs
Access Restriction Bypass in go-ipfs in github.com/ipfs/go-ipfs...
Improper Access Control
github.com/ipfs/kubo/ is vulnerable to Improper Access Control. The vulnerability is due to the ability of an attacker to generate ephemeral identities, allowing them to exploit the IPFS connection management reputation system. This enables the attacker to poison other nodes' routing tables,...
GHSA-R23H-3JMW-Q7HR Access Restriction Bypass in go-ipfs
An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities Sybils and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...
Access Restriction Bypass in go-ipfs
An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities Sybils and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: metrics-server-fips, caddy, k3s, cert-manager, prometheus-adapter, rancher-webhook, buildkitd, kubevela, rancher-webhook-fips, kubernetes-fips, kubernetes, kube-oidc-proxy, up...
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: metrics-server-fips, caddy, k3s, cert-manager, prometheus-adapter, rancher-webhook, buildkitd, kubevela, rancher-webhook-fips, kubernetes-fips, kubernetes, kube-oidc-proxy, up...
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: kubevela, up, kubernetes, prometheus-adapter, caddy, buildkitd, k3s...
CVE-2023-40583
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +336 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts-upgradeable (>=4.7.0 <=4.8.3)
@openzeppelin/contracts-upgradeable NPM version =4.7.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =3.1.0 - @abheektripathy/nftpass =1.1.0 and more Source cves: CVE-2023-34459 Source advisory:...
GO-2023-1766 Denial of service from memory leak in github.com/ipfs/go-libipfs
An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory...
Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver
By Waqas Web3, the next evolution of the internet, requires a truly decentralized infrastructure that goes beyond what IPFS InterPlanetary File System can offer on its own. This is a post from HackRead.com Read the original post: Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone...
Denial Of Service (DoS)
github.com/ipfs/boxo is vulnerable to Denial of Service DoS attacks. By making requests for WANTBLOCK and/or WANTHAVE, which are persistent even if the connection is terminated, an attacker is able to allocate an undetermined number of bytes in the server...
GHSA-QVQG-6RP8-4P9H github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...
GHSA-Q3J6-22WF-3JH9 github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...