6 matches found
EUVD-2026-36153
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...
CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...
8004skill (>=1.1.0 <=2.0.0), @a3stack/identity (=0.2.0) +279 more potentially affected by CVE-2026-45783 via @libp2p/kad-dht (>=10.0.15 <=16.2.6-9eb27be79)
@libp2p/kad-dht NPM version =10.0.15, =1.1.0, =1.0.0, =1.0.0, =1.0.1, =1.3.0, =0.0.2, =1.1.3, =0.2.0, =0.0.0-test.0, =0.0.0-test.0, =0.7.2, =0.0.0-test.0, =4.0.0-nightly.20250907 and more Source cves: CVE-2026-45783 Source advisory: OSV:GHSA-32MQ-HPPH-XFVR...
GHSA-MQR9-HJR8-2M9W Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...
go-libp2p-kad-dht 安全漏洞
go-libp2p-kad-dht is a distributed hash table algorithm in the libp2p open source. A security vulnerability exists in go-libp2p-kad-dht version 0.20.0 and earlier, which stems from a vulnerability that allows an attacker to hijack the content parsing process by generating a number of Sybil peers...
CVE-2023-26248
The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...