EUVD-2017-3167

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-11551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The id3fieldparse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service OOM via a crafted MP3 file. CVE-2017-11551 Note...

CVE-2023-40583 libp2p nodes vulnerable to OOM attack

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

CVE-2023-40583 libp2p nodes vulnerable to OOM attack

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

libp2p nodes vulnerable to OOM attack

Summary In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. It is feasible to do this at scale. An attacker would have to transfe...