CVE-2024-27273

IBM AIX's Unix domain AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903...

Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`

Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. Any combination was considered valid. This allows an attacker to republish an existing PeerRecord with a different PeerId...

Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`

Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. Any combination was considered valid. This allows an attacker to republish an existing PeerRecord with a different PeerId...

Identity Spoofing

Overview Affected versions of libp2p-secio does not correctly verify that the PeerId of DstPeer matches the PeerId discovered in the crypto handshake, resulting in a high severity identity spoofing vulnerability. Recommendation Update to version 0.9.0 or later. References - PR 95 - GitHub Advisor...