
14 matches found

EUVD
added 2026/04/22 7:23 p.m. · 0 views

EUVD-2026-25056

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::read_request and read_response call read_to_end on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. Because Behaviour::new also sets...

CVSS 5.3 · AI score 5.8 · EPSS 0.00056
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-2291

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00395
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-7609

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00353
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-7660

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00591
Exploits 0 · References 9

Veracode
added 2025/07/16 5:21 a.m. · 4 views

Denial Of Service (DoS)

libp2p is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of RSA key sizes, which allows an attacker to send a large RSA key and exhaust system resources...

CVSS 4.3 · AI score 6.1 · EPSS 0.00281
Exploits 0 · References 6 · Affected Software 1

vulnersOsv
added 2025/07/14 6:30 a.m. · 1 view

trinity (>=0.1.0a28 <=0.1.0a36) potentially affected by CVE-2025-29606 via libp2p (>=0.1.1 <=0.1.5)

libp2p PYPI version =0.1.1, =0.1.0a28, =0.1.0a36 Source cves: CVE-2025-29606 Source advisory: SNYK:PYTHON-LIBP2P-10851401...

CVSS 4.3 · AI score 5.8 · EPSS 0.00281
Exploits 0

NVD
added 2025/07/14 5:15 a.m. · 3 views

CVE-2025-29606

py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key...

CVSS 4.3 · EPSS 0.00281
Exploits 0 · References 3

Positive Technologies
added 2025/07/14 12:0 a.m. · 1 view

PT-2025-29420 · Pypi · Py-Libp2P

Name of the Vulnerable Software and Affected Versions: py-libp2p versions prior to 0.2.3. Description: py-libp2p versions prior to 0.2.3 are susceptible to a denial of service resource consumption issue. This occurs when a peer sends a large RSA key. Recommendations: Update py-libp2p to version...

CVSS 4.3 · AI score 6.3 · EPSS 0.00281
Exploits 0 · References 11

Cvelist
added 2025/05/12 10:47 a.m. · 18 views

CVE-2025-47270 nimiq-network-libp2p Uncontrolled Resource Consumption vulnerability

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The nimiq-network-libp2p subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the...

CVSS 7.5 · EPSS 0.01088
Exploits 0 · References 4

Positive Technologies
added 2023/08/24 12:0 a.m. · 1 view

PT-2023-27520 · Go-Libp2P · Go-Libp2P

Name of the Vulnerable Software and Affected Versions: go-libp2p versions prior to 0.27.4; go-libp2p versions prior to 0.30.0. Description: A malicious actor can store an arbitrary amount of data in a remote node's memory by sending the node a message with a signed peer record. This memory does not...

CVSS 7.5 · AI score 7.4 · EPSS 0.00395
Exploits 0 · References 11

OSV
added 2023/08/08 7:15 p.m. · 2 views

AZL-27872 CVE-2023-39533 affecting package golang for versions less than 1.19.12-1

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

CVSS 7.5 · AI score 7.1 · EPSS 0.00118
Exploits 1 · References 1

Positive Technologies
added 2023/08/08 12:0 a.m. · 1 view

PT-2023-27004 · Go-Libp2P · Go-Libp2P

Name of the Vulnerable Software and Affected Versions: go-libp2p versions prior to 0.27.8; go-libp2p versions prior to 0.28.2; go-libp2p versions prior to 0.29.1. Description: A malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature...

CVSS 7.5 · AI score 7.3 · EPSS 0.00118
Exploits 1 · References 16

Vulnrichment
added 2022/12/08 12:8 a.m. · 5 views

CVE-2022-23492 go-libp2p denial of service vulnerability from lack of resource management

go-libp2p is the official libp2p implementation in the Go programming language. Version 0.18.0 and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large...

CVSS 7.5 · AI score 7.4 · EPSS 0.00591
Exploits 0 · References 3

Positive Technologies
added 2022/12/07 12:0 a.m. · 1 view

PT-2022-16021 · Js-Libp2P · Js-Libp2P

Name of the Vulnerable Software and Affected Versions: js-libp2p versions prior to v0.38.0. Description: The issue concerns targeted resource exhaustion attacks that affect libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory,...

CVSS 7.5 · AI score 7.4 · EPSS 0.00353
Exploits 0 · References 8