11 matches found
rust-libp2p security vulnerability
rust-libp2p is a Rust implementation of the libp2p open-source network stack. Prior to version 0.17.1, rust-libp2p had a security vulnerability. This vulnerability stemmed from the unlimited number of namespaces that rendezvous servers could register for individual peers, which could lead to memo...
rust-libp2p security vulnerability
rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.17.1 contained a security vulnerability. This vulnerability stemmed from the lack of bounds on the pagination cookies stored by the rendezvous server, allowing unauthenticated peer...
CVE-2026-34219
CVE-2026-34219 affects libp2p-rust’s libp2p-gossipsub: prior to 0.49.4, Gossipsub’s backoff expiry handling can overflow when adding Slack to an Instant, after a crafted PRUNE with attacker-controlled backoff. This remotely reachable panic is triggered in heartbeat processing and is exploitable o...
rust-libp2p security vulnerability
rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.49.4 contained a security vulnerability. This vulnerability stemmed from the lack of checks for arithmetic operations involving Instant and Duration when processing specially crafted...
rust-libp2p input validation error vulnerability
rust-libp2p is a Rust implementation of the libp2p open-source network stack. Prior to version 0.49.3, rust-libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from the Gossipsub implementation accepting PRUNE evolutions controlled by attackers and potentiall...
libp2p DoS vulnerability from lack of resource management
Impact: Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed ...
rust-libp2p resource management error vulnerability
rust-libp2p is a Rust implementation of the libp2p open-source network stack. A security vulnerability exists in versions of rust-libp2p prior to v0.45.1, which can be exploited by an attacker to cause a victim node to allocate a large number of small memory blocks, eventually...
Unexpected panic in multihash `from_slice` parsing code
In versions prior to 0.11.3 it's possible to make `from_slice` panic by feeding it certain malformed input. It's never documented that `from_slice`, and `from_bytes` which wraps it, can panic, and its return type `Result` suggests otherwise. In practice, `from_slice`/`from_bytes` is frequently used in networking code...
RUSTSEC-2020-0068 Unexpected panic in multihash `from_slice` parsing code
In versions prior to 0.11.3 it's possible to make `from_slice` panic by feeding it certain malformed input. It's never documented that `from_slice`, and `from_bytes` which wraps it, can panic, and its return type `Result` suggests otherwise. In practice, `from_slice`/`from_bytes` is frequently used in networking code...
RUSTSEC-2019-0032 crust repo has been archived; use libp2p instead
The crust crate repo was archived with no warning or explanation. Given that it was archived with no warning or successor, there's not an official replacement but rust-libp2p looks like it's got a similar feature set and is actively maintained...
crust repo has been archived; use libp2p instead
The crust crate repo was archived with no warning or explanation. Given that it was archived with no warning or successor, there's not an official replacement but rust-libp2p looks like it's got a similar feature set and is actively maintained...