19 matches found
CVE-2026-35457
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
CVE-2026-35457 libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
CVE-2026-35457
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
CVE-2026-35457 libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
CVE-2026-35457
CVE-2026-35457 affects libp2p-rust prior to 0.17.1, where the rendezvous server stores pagination cookies without bounds. The DISCOVER handling creates new cookies and inserts them into Registrations::cookies with no upper bound or eviction, enabling an unauthenticated peer to trigger repeated re...
CVE-2026-34219
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
CVE-2026-34219
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
CVE-2026-33040
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...
Linux Distros Unpatched Vulnerability : CVE-2026-33040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts...
CVE-2026-33040
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...
CVE-2026-33040 libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...
CVE-2026-33040
The CVE concerns libp2p-rust Gossipsub: prior to version 0.49.3, the Gossipsub backoff handling accepts attacker-controlled PRUNE backoff values, enabling unchecked time arithmetic that can overflow when updating backoff state. A crafted PRUNE message with a very large backoff (e.g., u64::MAX) ca...
EUVD-2022-7670
Malicious code in bioql PyPI...
CVE-2022-23486
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
CVE-2022-23486
CVE-2022-23486 affects the Rust implementation of libp2p (libp2p-rust) in versions before 0.45.1. An attacker node can induce a victim to allocate a large number of small memory chunks, exhausting the victim process memory and potentially causing OOM/killing, enabling a denial-of-service, especia...
CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
PT-2022-16020 · Unknown · Libp2P-Rust
Name of the Vulnerable Software and Affected Versions: libp2p-rust versions prior to 0.45.1 Description: The issue allows an attacker node to cause a victim node to allocate a large number of small memory chunks, leading to the victim's process running out of memory and potentially getting killed...