rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
9649b3d6151459a436e99eeb210b4cedaa33cabd
advisory-db/crates/libp2p/RUSTSEC-2022-0084.md
github-actions[bot] 9649b3d615 Assigned RUSTSEC-2022-0084 to libp2p (#1560) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-02-02 22:22:51 +11:00

752 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0084"
package = "libp2p"
date = "2022-07-12"
url = "https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8"
aliases = ["CVE-2022-23486", "GHSA-jvgw-gccv-q5p8"]
categories = ["denial-of-service"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

[versions]
patched = [">= 0.45.1"]

libp2p Lack of resource management DoS

libp2p allows a potential attacker to cause victim p2p node to run out of memory

The out of memory failure can cause crashes where libp2p is intended to be used within large scale networks leading to potential Denial of Service (DoS) vector

Users should upgrade or reference the DoS mitigation strategies.