6 matches found
CVE-2022-23486
CVE-2022-23486 affects the Rust implementation of libp2p (libp2p-rust) in versions before 0.45.1. An attacker node can induce a victim to allocate a large number of small memory chunks, exhausting the victim process's memory and potentially causing it to run out of memory (OOM) and be killed, enabling a denial of service, especia...
CVE-2022-23492
CVE-2022-23492 concerns go-libp2p (Go implementation). Versions ≤ 0.18.0 are vulnerable to targeted resource exhaustion via memory-heavy operations, impacting connections, streams, peers, and memory management and potentially killing the host process. Multiple sources (NVD, Red Hat, OSV, CVE list...
CVE-2022-23487
This CVE affects js-libp2p: versions older than v0.38.0 are vulnerable to targeted resource exhaustion attacks that stress memory management (allocation of large amounts of memory, risking termination of the process by the host OS). The issue is described across multiple sources (e.g., Red Hat RH-CVE, NVD/NVD lists, OSV) as a de...
CVE-2023-40583
CVE-2023-40583 affects go-libp2p (libp2p Go implementation). A malicious actor can inject signed peer records to a remote node, causing unbounded memory growth in the victim’s node and eventual crash due to out-of-memory (OOM). The issue is explicitly documented as memory retention with no automa...
CVE-2026-35405
CVE-2026-35405 (libp2p-rendezvous): The Red Hat/NVD et al. documents describe a vulnerability in libp2p-rendezvous where the server has no limit on how many namespaces a single peer can register. As a result, a malicious peer or multiple sybil peers can repeatedly register unique namespaces, each reg...
CVE-2026-35457
CVE-2026-35457 affects libp2p-rust prior to 0.17.1, where the rendezvous server stores pagination cookies without bounds. The DISCOVER handling creates new cookies and inserts them into Registrations::cookies with no upper bound or eviction, enabling an unauthenticated peer to trigger repeated re...