10 matches found
golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle,...
D-Bus Security Vulnerability
D-Bus is an open-source implementation of the D-Bus specification. Security vulnerabilities exist in versions of D-Bus prior to 0.92.0, as well as in versions of Tmds.DBus.Protocol 0.92.0 and 0.21.3. These vulnerabilities stem from exposure to attacks by malicious D-Bus peers, which can lead to...
CVE-2025-24371
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...
CVE-2025-24371
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...
CVE-2025-24371 Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...
CVE-2025-24371
CVE-2025-24371 affects CometBFT’s blocksync protocol. If a peer first reports a non-existent latest height X and then a lower Y (X>Y), a node may continually try to catch up and become blocked, potentially impacting availability. This is a networked, low-complexity issue with high impact on av...
PT-2025-5350
Name of the Vulnerable Software and Affected Versions: CometBFT versions prior to 0.38.17; CometBFT versions prior to 1.0.1. Description: CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol, peers send their base and latest...
PT-2022-16021 · Js-Libp2P · Js-Libp2P
Name of the Vulnerable Software and Affected Versions: js-libp2p versions prior to v0.38.0 Description: The issue concerns targeted resource exhaustion attacks that affect libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory,...
Replay Attack
libzmq aka ZeroMQ is vulnerable to replay attacks. It is due to a flaw in the creation and validation of nonces, failing to detect nonces and disconnect malicious peers...
Ubuntu Update for quagga vulnerability USN-461-1
Ubuntu Update for Linux kernel vulnerabilities USN-461-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4611.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for quagga vulnerability USN-461-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...