GHSA-GCQ9-QQWX-RGJ3 libp2p nodes vulnerable to OOM attack
Summary In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. It is feasible to do this at scale. An attacker would have to transfe...