Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Libp2p Security Vulnerabilities

cve
cve

CVE-2024-32984

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-05-01 11:15 AM
28
cve
cve

CVE-2023-39533

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the....

7.5CVSS

7.4AI Score

0.001EPSS

2023-08-08 07:15 PM
153
cve
cve

CVE-2023-40583

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and.....

7.5CVSS

7.5AI Score

0.001EPSS

2023-08-25 09:15 PM
25
cve
cve

CVE-2022-23492

go-libp2p is the offical libp2p implementation in the Go programming language. Version 0.18.0 and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large.....

7.5CVSS

7.4AI Score

0.001EPSS

2022-12-08 01:15 AM
60
cve
cve

CVE-2022-23487

js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of...

7.5CVSS

7.5AI Score

0.001EPSS

2022-12-07 09:15 PM
36
cve
cve

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting.....

7.5CVSS

7.4AI Score

0.001EPSS

2022-12-07 09:15 PM
57
cve
cve

CVE-2020-36443

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait...

9.8CVSS

9.4AI Score

0.002EPSS

2021-08-08 06:15 AM
76
2
cve
cve

CVE-2019-15545

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519...

7.5CVSS

7.4AI Score

0.001EPSS

2019-08-26 06:15 PM
49