mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
Add libp2p DoS (#1555)
This commit is contained in:
pinkforest(she/her)
committed by
GitHub
GitHub
parent
afb1c10d60
commit
52ce3729d8
21
crates/libp2p/RUSTSEC-0000-0000.md
Normal file
21
crates/libp2p/RUSTSEC-0000-0000.md
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
```toml
|
||||||
|
[advisory]
|
||||||
|
id = "RUSTSEC-0000-0000"
|
||||||
|
package = "libp2p"
|
||||||
|
date = "2022-07-12"
|
||||||
|
url = "https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8"
|
||||||
|
aliases = ["CVE-2022-23486", "GHSA-jvgw-gccv-q5p8"]
|
||||||
|
categories = ["denial-of-service"]
|
||||||
|
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||||||
|
|
||||||
|
[versions]
|
||||||
|
patched = [">= 0.45.1"]
|
||||||
|
```
|
||||||
|
# libp2p Lack of resource management DoS
|
||||||
|
|
||||||
|
libp2p allows a potential attacker to cause victim p2p node to run out of memory
|
||||||
|
|
||||||
|
The out of memory failure can cause crashes where libp2p is intended to be used
|
||||||
|
within large scale networks leading to potential Denial of Service (DoS) vector
|
||||||
|
|
||||||
|
Users should upgrade or reference the [DoS mitigation strategies](https://docs.libp2p.io/reference/dos-mitigation/).
|
||||||
Reference in New Issue
Block a user