15 matches found

OSV
added 2026/05/19 8:7 p.m. | 1 views

GHSA-32MQ-HPPH-XFVR @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary: An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/19 8:7 p.m. | 7 views

@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary: An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

AI score 5.9
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/05/19 8:7 p.m. | 3 views

Improper Validation of Syntactic Correctness of Input

Overview: @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord function that leads to the unlimited message processing since rate limits are applied onl...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/19 12:0 a.m. | 4 views

PT-2026-42028

Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT VALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted k...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in @zalastax/nolb-_kad (npm)

The package @zalastax/nolb-kad was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-10160 Malicious code in @zalastax/nolb-_kad (npm)

The package @zalastax/nolb-kad was found to contain malicious code...

AI score 7.2
Exploits: 0
OSV
added 2024/10/25 6:30 p.m. | 8 views

GHSA-MQR9-HJR8-2M9W Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

CVSS 5.3 | AI score 5 | EPSS 0.001
Exploits: 0 | References: 4
CNNVD
added 2024/10/25 12:0 a.m. | 0 views

go-libp2p-kad-dht security vulnerability

go-libp2p-kad-dht is a distributed hash table algorithm in the libp2p open source. A security vulnerability exists in go-libp2p-kad-dht version 0.20.0 and earlier, which stems from a vulnerability that allows an attacker to hijack the content parsing process by generating a number of Sybil peers...

CVSS 5.3 | AI score 6.7 | EPSS 0.001
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/25 12:0 a.m. | 9 views

CVE-2023-26248

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

AI score 6.5 | EPSS 0.001
Exploits: 0 | References: 2
The Hacker News
added 2011/06/30 2:56 p.m. | 2 views

TDSS rootkit infects 1.5 million US computers

TDSS rootkit infects 1.5 million US computers Millions of PCs around the world infected by the dangerous TDSS 'super-malware' rootkit as part of a campaign to build a giant new botnet. The report is presented by researchers from security firm Kaspersky Lab. TDSS also known as 'TDL' and sometimes ...

AI score 7.5
Exploits: 0
securityvulns
added 2009/06/24 12:0 a.m. | 34 views

[SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanitising

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1821-1 [email protected] http://www.debian.org/security/ Steffen Joeris June 22, 2009 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 0.2 | EPSS 0.00973
Exploits: 1
OSV
added 2009/06/22 12:0 a.m. | 10 views

DSA-1821-1 amule - insufficient input sanitising

Bulletin has no description...

CVSS 6.8 | AI score 6.3 | EPSS 0.00973
Exploits: 1
Check Point Advisories
added 2008/12/21 12:0 a.m. | 0 views

Thunder

Thunder AKA Xunlei is a popular peer to peer Chinese download manager and file sharing client that supports BitTorrent, eDonkey, Kad, and FTP. Thunder accelerates downloads by accessing its proprietary P2P network in addition to the given HTTP download. There are cases in which certain traffic,...

AI score 6.8
Exploits: 0
securityvulns
added 2007/01/03 12:0 a.m. | 36 views

Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit

Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit - Vendor : www.nuked-klan.org/ - Found by NeoSSJ & Kad' - Full disclosure on 31 December 2006 - Notice : you only have to create a .swf file, and you put on :...

AI score 0.4
Exploits: 0
securityvulns
added 2005/07/27 12:0 a.m. | 24 views

Multiple eMule vulnerabilities

DoS on Kad protocol parsing. Vulnerable version of zlib protocol is used...

AI score 3.1
Exploits: 0 | References: 1 | Affected Software: 1