CVE-2022-23487
- Source
- https://cve.org/CVERecord?id=CVE-2022-23487
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23487.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23487
- Aliases
- Published
- 2022-12-07T20:05:35.319Z
- Modified
- 2026-03-14T00:45:49.789637Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- libp2p denial of service vulnerability from lack of resource management
- Details
-
js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than
v0.38.0of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency tov0.38.0or greater. There are no known workarounds for this vulnerability. - Database specific
{ "cwe_ids": [ "CWE-400" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23487.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/libp2p/js-libp2p
Affected versions
v0.*
v0.0.1
v0.1.0
v0.1.1
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.12.0
v0.12.2
v0.12.3
v0.12.4
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.17.0
v0.18.0
v0.19.0
v0.19.2
v0.2.0
v0.2.1
v0.20.0
v0.20.1
v0.20.2
v0.20.4
v0.21.0
v0.22.0
v0.23.0
v0.23.1
v0.24.0
v0.24.0-rc.3
v0.24.1
v0.24.2
v0.24.3
v0.24.4
v0.25.0
v0.25.0-rc.0
v0.25.0-rc.1
v0.25.0-rc.2
v0.25.0-rc.3
v0.25.0-rc.4
v0.25.0-rc.5
v0.25.0-rc.6
v0.25.1
v0.25.2
v0.25.3
v0.25.4
v0.25.5
v0.26.0
v0.26.0-rc.0
v0.26.0-rc.1
v0.26.0-rc.2
v0.26.0-rc.3
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.5
v0.27.6
v0.27.7
v0.27.8
v0.28.0
v0.28.0-rc.0
v0.28.1
v0.28.10
v0.28.2
v0.28.3
v0.28.4
v0.28.5
v0.28.6
v0.28.7
v0.28.8
v0.28.9
v0.29.0
v0.29.1
v0.29.2
v0.29.3
v0.29.4
v0.3.0
v0.3.1
v0.30.0
v0.30.1
v0.30.10
v0.30.11
v0.30.12
v0.30.2
v0.30.3
v0.30.4
v0.30.5
v0.30.6
v0.30.7
v0.30.8
v0.30.9
v0.31.0
v0.31.0-rc.0
v0.31.0-rc.1
v0.31.0-rc.2
v0.31.0-rc.3
v0.31.0-rc.4
v0.31.0-rc.5
v0.31.0-rc.6
v0.31.0-rc.7
v0.31.1
v0.31.2
v0.31.3
v0.31.4
v0.31.5
v0.31.6
v0.31.7
v0.32.0
v0.32.0-rc.0
v0.32.1
v0.32.2
v0.32.3
v0.32.4
v0.32.5
v0.33.0
v0.34.0
v0.35.0
v0.35.1
v0.35.2
v0.35.3
v0.35.4
v0.35.5
v0.35.6
v0.35.7
v0.35.8
v0.36.0
v0.36.1
v0.36.2
v0.37.0
v0.37.1
v0.37.2
v0.37.3
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.8.0
v0.9.0
v0.9.1
Git / github.com/libp2p/rust-libp2p
Affected versions
0.*
0.13.2
libp2p-core-0.*
libp2p-core-0.19.2
libp2p-core-0.20.0
libp2p-core-0.20.1
libp2p-core-0.21.0
libp2p-core-0.22.0
libp2p-core-0.22.1
libp2p-core-0.23.0
libp2p-core-0.23.1
libp2p-core-0.24.0
libp2p-core-0.25.0
libp2p-core-0.25.1
libp2p-core-0.25.2
libp2p-core-0.26.0
libp2p-core-0.27.0
libp2p-core-0.27.1
libp2p-core-0.28.0
libp2p-core-0.28.1
libp2p-core-0.28.2
libp2p-core-0.28.3
libp2p-core-derive-0.*
libp2p-core-derive-0.20.0
libp2p-core-derive-0.20.1
libp2p-core-derive-0.20.2
libp2p-core-derive-0.21.0
libp2p-deflate-0.*
libp2p-deflate-0.19.2
libp2p-deflate-0.20.0
libp2p-deflate-0.21.0
libp2p-deflate-0.22.0
libp2p-deflate-0.23.0
libp2p-deflate-0.24.0
libp2p-deflate-0.25.0
libp2p-deflate-0.26.0
libp2p-deflate-0.27.0
libp2p-deflate-0.27.1
libp2p-deflate-0.28.0
libp2p-dns-0.*
libp2p-dns-0.20.0
libp2p-dns-0.21.0
libp2p-dns-0.22.0
libp2p-dns-0.23.0
libp2p-dns-0.24.0
libp2p-dns-0.25.0
libp2p-dns-0.26.0
libp2p-dns-0.27.0
libp2p-dns-0.28.0
libp2p-dns-0.28.1
libp2p-floodsub-0.*
libp2p-floodsub-0.19.1
libp2p-floodsub-0.20.0
libp2p-floodsub-0.21.0
libp2p-floodsub-0.22.0
libp2p-floodsub-0.23.0
libp2p-floodsub-0.24.0
libp2p-floodsub-0.25.0
libp2p-floodsub-0.26.0
libp2p-floodsub-0.27.0
libp2p-floodsub-0.28.0
libp2p-floodsub-0.29.0
libp2p-gossipsub-0.*
libp2p-gossipsub-0.19.2
libp2p-gossipsub-0.19.3
libp2p-gossipsub-0.20.0
libp2p-gossipsub-0.21.0
libp2p-gossipsub-0.22.0
libp2p-gossipsub-0.23.0
libp2p-gossipsub-0.24.0
libp2p-gossipsub-0.25.0
libp2p-gossipsub-0.26.0
libp2p-gossipsub-0.27.0
libp2p-gossipsub-0.28.0
libp2p-gossipsub-0.29.0
libp2p-gossipsub-0.30.0
libp2p-gossipsub-0.30.1
libp2p-identify-0.*
libp2p-identify-0.19.2
libp2p-identify-0.20.0
libp2p-identify-0.21.0
libp2p-identify-0.22.0
libp2p-identify-0.23.0
libp2p-identify-0.24.0
libp2p-identify-0.25.0
libp2p-identify-0.26.0
libp2p-identify-0.27.0
libp2p-identify-0.28.0
libp2p-identify-0.29.0
libp2p-kad-0.*
libp2p-kad-0.20.0
libp2p-kad-0.20.1
libp2p-kad-0.21.0
libp2p-kad-0.22.0
libp2p-kad-0.22.1
libp2p-kad-0.23.0
libp2p-kad-0.24.0
libp2p-kad-0.25.0
libp2p-kad-0.26.0
libp2p-kad-0.27.0
libp2p-kad-0.28.0
libp2p-kad-0.28.1
libp2p-kad-0.29.0
libp2p-kad-0.30.0
libp2p-kad-v0.*
libp2p-kad-v0.27.1
libp2p-mdns-0.*
libp2p-mdns-0.19.2
libp2p-mdns-0.20.0
libp2p-mdns-0.21.0
libp2p-mdns-0.22.0
libp2p-mdns-0.23.0
libp2p-mdns-0.24.0
libp2p-mdns-0.25.0
libp2p-mdns-0.26.0
libp2p-mdns-0.27.0
libp2p-mdns-0.28.0
libp2p-mdns-0.28.1
libp2p-mdns-0.29.0
libp2p-mdns-0.30.0
libp2p-mdns-0.30.1
libp2p-mdns-0.30.2
libp2p-mplex-0.*
libp2p-mplex-0.19.2
libp2p-mplex-0.20.0
libp2p-mplex-0.21.0
libp2p-mplex-0.22.0
libp2p-mplex-0.23.0
libp2p-mplex-0.23.1
libp2p-mplex-0.24.0
libp2p-mplex-0.25.0
libp2p-mplex-0.26.0
libp2p-mplex-0.27.0
libp2p-mplex-0.27.1
libp2p-mplex-0.28.0
libp2p-noise-0.*
libp2p-noise-0.19.1
libp2p-noise-0.20.0
libp2p-noise-0.21.0
libp2p-noise-0.22.0
libp2p-noise-0.23.0
libp2p-noise-0.24.0
libp2p-noise-0.25.0
libp2p-noise-0.26.0
libp2p-noise-0.27.0
libp2p-noise-0.28.0
libp2p-noise-0.29.0
libp2p-noise-0.30.0
libp2p-ping-0.*
libp2p-ping-0.19.3
libp2p-ping-0.20.0
libp2p-ping-0.21.0
libp2p-ping-0.22.0
libp2p-ping-0.23.0
libp2p-ping-0.24.0
libp2p-ping-0.25.0
libp2p-ping-0.26.0
libp2p-ping-0.27.0
libp2p-ping-0.28.0
libp2p-ping-0.29.0
libp2p-ping-v0.*
libp2p-ping-v0.19.2
libp2p-plaintext-0.*
libp2p-plaintext-0.19.1
libp2p-plaintext-0.20.0
libp2p-plaintext-0.21.0
libp2p-plaintext-0.22.0
libp2p-plaintext-0.23.0
libp2p-plaintext-0.24.0
libp2p-plaintext-0.24.1
libp2p-plaintext-0.25.0
libp2p-plaintext-0.26.0
libp2p-plaintext-0.27.0
libp2p-plaintext-0.27.1
libp2p-plaintext-0.28.0
libp2p-pnet-0.*
libp2p-pnet-0.19.1
libp2p-pnet-0.20.0
libp2p-pnet-0.29.2
libp2p-relay-0.*
libp2p-relay-0.1.0
libp2p-relay-0.2.0
libp2p-request-response-0.*
libp2p-request-response-0.1.1
libp2p-request-response-0.10.0
libp2p-request-response-0.11.0
libp2p-request-response-0.2.0
libp2p-request-response-0.3.0
libp2p-request-response-0.4.0
libp2p-request-response-0.5.0
libp2p-request-response-0.6.0
libp2p-request-response-0.7.0
libp2p-request-response-0.8.0
libp2p-request-response-0.9.0
libp2p-request-response-0.9.1
libp2p-secio-0.*
libp2p-secio-0.19.2
libp2p-secio-0.20.0
libp2p-secio-0.21.0
libp2p-secio-0.22.0
libp2p-secio-0.23.0
libp2p-secio-0.24.0
libp2p-secio-0.25.0
libp2p-secio-0.26.0
libp2p-swarm-0.*
libp2p-swarm-0.19.1
libp2p-swarm-0.20.0
libp2p-swarm-0.20.1
libp2p-swarm-0.21.0
libp2p-swarm-0.22.0
libp2p-swarm-0.23.0
libp2p-swarm-0.24.0
libp2p-swarm-0.25.0
libp2p-swarm-0.25.1
libp2p-swarm-0.26.0
libp2p-swarm-0.27.0
libp2p-swarm-0.27.1
libp2p-swarm-0.27.2
libp2p-swarm-0.28.0
libp2p-swarm-0.29.0
libp2p-swarm-derive-0.*
libp2p-swarm-derive-0.22.0
libp2p-swarm-derive-0.23.0
libp2p-tcp-0.*
libp2p-tcp-0.19.2
libp2p-tcp-0.20.0
libp2p-tcp-0.21.0
libp2p-tcp-0.22.0
libp2p-tcp-0.23.0
libp2p-tcp-0.24.0
libp2p-tcp-0.25.0
libp2p-tcp-0.25.1
libp2p-tcp-0.26.0
libp2p-tcp-0.27.0
libp2p-tcp-0.27.1
libp2p-tcp-0.28.0
libp2p-uds-0.*
libp2p-uds-0.19.2
libp2p-uds-0.20.0
libp2p-uds-0.21.0
libp2p-uds-0.22.0
libp2p-uds-0.23.0
libp2p-uds-0.24.0
libp2p-uds-0.25.0
libp2p-uds-0.26.0
libp2p-uds-0.27.0
libp2p-uds-0.28.0
libp2p-wasm-ext-0.*
libp2p-wasm-ext-0.20.0
libp2p-wasm-ext-0.20.1
libp2p-wasm-ext-0.21.0
libp2p-wasm-ext-0.22.0
libp2p-wasm-ext-0.23.0
libp2p-wasm-ext-0.24.0
libp2p-wasm-ext-0.25.0
libp2p-wasm-ext-0.26.0
libp2p-wasm-ext-0.27.0
libp2p-wasm-ext-0.28.0
libp2p-wasm-ext-0.28.1
libp2p-wasm-ext-0.28.2
libp2p-websocket-0.*
libp2p-websocket-0.20.0
libp2p-websocket-0.20.1
libp2p-websocket-0.21.0
libp2p-websocket-0.21.1
libp2p-websocket-0.22.0
libp2p-websocket-0.23.0
libp2p-websocket-0.24.0
libp2p-websocket-0.25.0
libp2p-websocket-0.26.0
libp2p-websocket-0.26.1
libp2p-websocket-0.26.2
libp2p-websocket-0.26.3
libp2p-websocket-0.27.0
libp2p-websocket-0.28.0
libp2p-websocket-0.29.0
libp2p-yamux-0.*
libp2p-yamux-0.19.1
libp2p-yamux-0.20.0
libp2p-yamux-0.21.0
libp2p-yamux-0.22.0
libp2p-yamux-0.23.0
libp2p-yamux-0.24.0
libp2p-yamux-0.25.0
libp2p-yamux-0.26.0
libp2p-yamux-0.27.0
libp2p-yamux-0.28.0
libp2p-yamux-0.29.0
libp2p-yamux-0.30.0
libp2p-yamux-0.30.1
libp2p-yamux-0.31.0
libp2p-yamux-0.32.0
multistream-select-0.*
multistream-select-0.10.0
multistream-select-0.10.1
multistream-select-0.10.2
multistream-select-0.8.2
multistream-select-0.8.3
multistream-select-0.8.4
multistream-select-0.8.5
multistream-select-0.9.0
multistream-select-0.9.1
parity-multiaddr-0.*
parity-multiaddr-0.10.0
parity-multiaddr-0.11.0
parity-multiaddr-0.11.1
parity-multiaddr-0.11.2
parity-multiaddr-0.9.1
parity-multiaddr-0.9.2
parity-multiaddr-0.9.3
parity-multiaddr-0.9.4
parity-multiaddr-0.9.5
parity-multiaddr-0.9.6
v0.*
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.14.0-alpha.1
v0.15.0
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.19.1
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.28.1
v0.29.0
v0.29.1
v0.3.0
v0.3.1
v0.30.0
v0.30.1
v0.31.0
v0.31.1
v0.31.2
v0.32.0
v0.32.1
v0.32.2
v0.33.0
v0.34.0
v0.35
v0.35.1
v0.36.0
v0.37.0
v0.37.1
v0.4.0
v0.4.2
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v0.9.1