Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libp2p libp2p vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-39533
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerabi...
Libp2p Go-libp2p
Libp2p Go-libp2p 0.29.0
7.5
CVSSv3
CVE-2019-15545
An issue exists in the libp2p-core crate prior to 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
Libp2p Libp2p
9.8
CVSSv3
CVE-2020-36443
An issue exists in the libp2p-deflate crate prior to 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
Libp2p Libp2p-deflate
7.5
CVSSv3
CVE-2022-23487
js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can ...
Protocol Libp2p
7.5
CVSSv3
CVE-2022-23486
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions before 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of me...
Protocol Libp2p
7.5
CVSSv3
CVE-2022-23492
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can caus...
Protocol Libp2p
7.5
CVSSv3
CVE-2023-40583
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not ge...
Protocol Libp2p
7.4
CVSSv3
CVE-2022-24759
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` prior to 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pos...
Chainsafe Js-libp2p-noise
NA
CVE-2024-32984
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this fra...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started