Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/10 9:9 p.m.10 views

EUVD-2026-36153

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:9 p.m.7 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/19 8:7 p.m.8 views

8004skill (>=1.1.0 <=2.0.0), @a3stack/identity (=0.2.0) +279 more potentially affected by CVE-2026-45783 via @libp2p/kad-dht (>=10.0.15 <=16.2.6-9eb27be79)

@libp2p/kad-dht NPM version =10.0.15, =1.1.0, =1.0.0, =1.0.0, =1.0.1, =1.3.0, =0.0.2, =1.1.3, =0.2.0, =0.0.0-test.0, =0.0.0-test.0, =0.7.2, =0.0.0-test.0, =4.0.0-nightly.20250907 and more Source cves: CVE-2026-45783 Source advisory: OSV:GHSA-32MQ-HPPH-XFVR...

7.5CVSS5.7AI score0.00354EPSS
Exploits0
OSV
OSV
added 2024/10/25 6:30 p.m.10 views

GHSA-MQR9-HJR8-2M9W Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

5.3CVSS5AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.3 views

go-libp2p-kad-dht 安全漏洞

go-libp2p-kad-dht is a distributed hash table algorithm in the libp2p open source. A security vulnerability exists in go-libp2p-kad-dht version 0.20.0 and earlier, which stems from a vulnerability that allows an attacker to hijack the content parsing process by generating a number of Sybil peers...

5.3CVSS6.7AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.12 views

CVE-2023-26248

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

6.5AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder