OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 06:29:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add libp2p DoS (#1555)

Browse Source
This commit is contained in:
pinkforest(she/her)
2023-02-02 22:22:26 +11:00
committed by GitHub
parent afb1c10d60
commit 52ce3729d8
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
crates/libp2p/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "libp2p"
date = "2022-07-12"
url = "https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8"
aliases = ["CVE-2022-23486", "GHSA-jvgw-gccv-q5p8"]
categories = ["denial-of-service"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
[versions]
patched = [">= 0.45.1"]
```
# libp2p Lack of resource management DoS
libp2p allows a potential attacker to cause victim p2p node to run out of memory
The out of memory failure can cause crashes where libp2p is intended to be used
within large scale networks leading to potential Denial of Service (DoS) vector
Users should upgrade or reference the [DoS mitigation strategies](https://docs.libp2p.io/reference/dos-mitigation/).