Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libp2p libp2p vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2023-39533
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerabi...
Libp2p Go-libp2pLibp2p Go-libp2p 0.29.0
7.5
CVSSv3
CVE-2019-15545
An issue exists in the libp2p-core crate prior to 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
Libp2p Libp2p
9.8
CVSSv3
CVE-2020-36443
An issue exists in the libp2p-deflate crate prior to 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
Libp2p Libp2p-deflate
7.5
CVSSv3
CVE-2022-23492
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can caus...
Protocol Libp2p
7.5
CVSSv3
CVE-2023-40583
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not ge...
Protocol Libp2p
7.5
CVSSv3
CVE-2022-23486
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions before 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of me...
Protocol Libp2p
7.5
CVSSv3
CVE-2022-23487
js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can ...
Protocol Libp2p
7.4
CVSSv3
CVE-2022-24759
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` prior to 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pos...
Chainsafe Js-libp2p-noise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook