Lucene search
K

200 matches found

CVE
CVE
added 2026/04/07 2:22 p.m.22 views

CVE-2026-35457

CVE-2026-35457 affects libp2p-rust prior to 0.17.1, where the rendezvous server stores pagination cookies without bounds. The DISCOVER handling creates new cookies and inserts them into Registrations::cookies with no upper bound or eviction, enabling an unauthenticated peer to trigger repeated re...

8.2CVSS5.9AI score0.00285EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 2:21 p.m.6 views

CVE-2026-35405 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts...

7.5CVSS5.9AI score0.00395EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:21 p.m.4 views

CVE-2026-35405

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts...

7.5CVSS5.9AI score0.00395EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/07 2:21 p.m.32 views

CVE-2026-35405

CVE-2026-35405 (libp2p-rendezvous) : The Red Hat/NVD et al. documents describe a vulnerability in libp2p-rendezvous where the server has no limit on how many namespaces a single peer can register. As a result, a malicious or multiple sybil peers can repeatedly register unique namespaces, each reg...

7.5CVSS5.9AI score0.00395EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

rust-libp2p 安全漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Prior to version 0.17.1, rust-libp2p had a security vulnerability. This vulnerability stemmed from the unlimited number of namespaces that rendezvous servers could register for individual peers, which could lead to memo...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

rust-libp2p 安全漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.17.1 contained a security vulnerability. This vulnerability stemmed from the lack of boundary settings when the meeting server stored paginated cookies, allowing unauthenticated peer...

8.2CVSS5.8AI score0.00285EPSS
Exploits1References1
OSV
OSV
added 2026/04/04 6:33 a.m.5 views

GHSA-CQFX-GF56-8X59 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...

7.5CVSS5.5AI score0.00395EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.5 views

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 4:16 p.m.5 views

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS0.00332EPSS
Exploits1References1
CVE
CVE
added 2026/03/31 3:47 p.m.15 views

CVE-2026-34219

CVE-2026-34219 affects libp2p-rust’s libp2p-gossipsub: prior to 0.49.4, Gossipsub’s backoff expiry handling can overflow when adding Slack to an Instant, after a crafted PRUNE with attacker-controlled backoff. This remotely reachable panic is triggered in heartbeat processing and is exploitable o...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

rust-libp2p 安全漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.49.4 contained a security vulnerability. This vulnerability stemmed from the lack of checks for arithmetic operations involving Instant and Duration when processing specially crafted...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/03/30 1:4 p.m.6 views

blake-streams (=0.1.0), fuel-p2p (>=0.4.0 <=0.5.0) +9 more potentially affected by CVE-2026-34219 via libp2p-gossipsub (>=0.28.0 <=0.35.0)

libp2p-gossipsub CARGO version =0.28.0, =0.4.0, =0.20.0, =0.36.0, =0.16.0, =0.1.0, =0.1.1, =0.2.0, =0.39.1, =0.39.3 Source cves: CVE-2026-34219 Source advisory: OSV:GHSA-XQMP-FXGV-XVQ5...

8.2CVSS5.4AI score0.00332EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/03/30 1:4 p.m.9 views

libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling

Description Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS5.7AI score0.00473EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts...

8.7CVSS5.8AI score0.00473EPSS
Exploits0References2
NVD
NVD
added 2026/03/20 6:16 a.m.10 views

CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS0.00473EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 6:16 a.m.2 views

UBUNTU-CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS5.8AI score0.00473EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 5:46 a.m.4 views

CVE-2026-33040 libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS5.7AI score0.00473EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:46 a.m.6 views

CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS5.7AI score0.00473EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/20 5:46 a.m.27 views

CVE-2026-33040

The CVE concerns libp2p-rust Gossipsub: prior to version 0.49.3, the Gossipsub backoff handling accepts attacker-controlled PRUNE backoff values, enabling unchecked time arithmetic that can overflow when updating backoff state. A crafted PRUNE message with a very large backoff (e.g., u64::MAX) ca...

8.7CVSS5.7AI score0.00473EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder