ChainSafe js-libp2p-noise 资源管理错误漏洞

ChainSafe js-libp2p-noise is an open source implementation of TypeScript containing the noise protocol from ChainSafe Canada. A resource management error vulnerability exists in ChainSafe js-libp2p versions prior to 0.38.0, which stems from vulnerability to targeted resource exhaustion attacks th...

Man In The Middle (MitM)

@chainsafe/libp2p-noise is vulnerable to Man In The Middle attack. The vulnerability exists due to a lack of validation of signature during handshake process...

Code injection

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

CVE-2022-24759 Failure to validate signature during handshake in @chainsafe/libp2p-noise

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

ChainSafe js-libp2p-noise 数据伪造问题漏洞

ChainSafe js-libp2p-noise is an open source implementation of TypeScript containing the noise protocol from ChainSafe Canada. ChainSafe js-libp2p-noise is vulnerable to a data forgery issue that allows a man-in-the-middle to impersonate other peers and disable those peers...