Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libp2p libp2p vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39533
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerabi...
Libp2p Go-libp2p
Libp2p Go-libp2p 0.29.0
445
VMScore
CVE-2019-15545
An issue exists in the libp2p-core crate prior to 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
Libp2p Libp2p
668
VMScore
CVE-2020-36443
An issue exists in the libp2p-deflate crate prior to 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
Libp2p Libp2p-deflate
NA
CVE-2022-23487
js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can ...
Protocol Libp2p
NA
CVE-2023-40583
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not ge...
Protocol Libp2p
NA
CVE-2022-23486
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions before 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of me...
Protocol Libp2p
NA
CVE-2022-23492
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can caus...
Protocol Libp2p
516
VMScore
CVE-2022-24759
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` prior to 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pos...
Chainsafe Js-libp2p-noise
NA
CVE-2024-32984
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this fra...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started