CVE-2023-40583
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-40583
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40583.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-40583
- Aliases
- Published
- 2023-08-25T20:25:28.297Z
- Modified
- 2025-12-11T02:04:41.516967Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- libp2p nodes vulnerable to OOM attack
- Details
-
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-400" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40583.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40583.json
- https://github.com/libp2p/go-libp2p/commit/45d3c6fff662ddd6938982e7e9309ad5fa2ad8dd
- https://github.com/libp2p/go-libp2p/releases/tag/v0.27.4
- https://github.com/libp2p/go-libp2p/releases/tag/v0.27.7
- https://github.com/libp2p/go-libp2p/security/advisories/GHSA-gcq9-qqwx-rgj3
- https://nvd.nist.gov/vuln/detail/CVE-2023-40583
Affected packages
Git / github.com/libp2p/go-libp2p
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libp2p/go-libp2p
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
gx/v1.*
gx/v1.0.0
gx/v2.*
gx/v2.0.1
gx/v2.0.2
gx/v2.0.3
gx/v3.*
gx/v3.0.0
gx/v3.1.0
gx/v3.2.0
gx/v3.2.1
gx/v3.2.2
gx/v3.2.3
gx/v3.3.0
gx/v3.3.1
gx/v3.3.2
gx/v3.3.3
gx/v3.3.4
gx/v3.3.6
gx/v3.3.7
gx/v3.4.0
gx/v3.4.1
gx/v3.4.2
gx/v3.4.3
gx/v3.5.0
gx/v3.5.1
gx/v3.5.2
gx/v3.5.3
gx/v3.5.4
gx/v3.6.0
gx/v4.*
gx/v4.0.0
gx/v4.0.1
gx/v4.0.2
gx/v4.0.3
gx/v4.0.4
gx/v4.1.0
gx/v4.2.0
gx/v4.3.0
gx/v4.3.1
gx/v4.3.10
gx/v4.3.11
gx/v4.3.12
gx/v4.3.2
gx/v4.3.3
gx/v4.3.4
gx/v4.3.5
gx/v4.3.6
gx/v4.3.7
gx/v4.3.8
gx/v4.3.9
gx/v4.4.0
gx/v4.4.1
gx/v4.4.2
gx/v4.4.3
gx/v4.4.4
gx/v4.4.5
gx/v4.5.0
gx/v4.5.1
gx/v4.5.2
gx/v4.5.3
gx/v4.5.4
gx/v4.5.5
gx/v5.*
gx/v5.0.0
gx/v5.0.1
gx/v5.0.10
gx/v5.0.11
gx/v5.0.12
gx/v5.0.13
gx/v5.0.14
gx/v5.0.15
gx/v5.0.16
gx/v5.0.17
gx/v5.0.18
gx/v5.0.19
gx/v5.0.2
gx/v5.0.20
gx/v5.0.21
gx/v5.0.3
gx/v5.0.4
gx/v5.0.5
gx/v5.0.6
gx/v5.0.7
gx/v5.0.8
gx/v5.0.9
gx/v6.*
gx/v6.0.0
gx/v6.0.1
gx/v6.0.10
gx/v6.0.11
gx/v6.0.12
gx/v6.0.13
gx/v6.0.14
gx/v6.0.15
gx/v6.0.16
gx/v6.0.17
gx/v6.0.18
gx/v6.0.19
gx/v6.0.2
gx/v6.0.20
gx/v6.0.21
gx/v6.0.22
gx/v6.0.23
gx/v6.0.29
gx/v6.0.3
gx/v6.0.4
gx/v6.0.5
gx/v6.0.6
gx/v6.0.7
gx/v6.0.8
gx/v6.0.9
v0.*
v0.0.1
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.15
v0.0.16
v0.0.17
v0.0.18
v0.0.19
v0.0.2
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.25
v0.0.26
v0.0.27
v0.0.28
v0.0.29
v0.0.3
v0.0.30
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v0.1.2
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.15.0-rc.1
v0.16.0
v0.16.0-dev
v0.17.0
v0.18.0
v0.18.0-rc1
v0.18.0-rc2
v0.18.0-rc3
v0.18.0-rc4
v0.18.0-rc5
v0.18.0-rc6
v0.19.0
v0.2.0
v0.2.1
v0.20.0
v0.21.0
v0.21.0-rc
v0.22.0
v0.23.0
v0.23.1
v0.23.2
v0.24.0
v0.24.0-dev
v0.24.1
v0.24.2
v0.25.0
v0.25.1
v0.26.0
v0.26.1
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
Git / github.com/libp2p/js-libp2p
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libp2p/js-libp2p
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.1
v0.1.0
v0.1.1
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.12.0
v0.12.2
v0.12.3
v0.12.4
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.17.0
v0.18.0
v0.19.0
v0.19.2
v0.2.0
v0.2.1
v0.20.0
v0.20.1
v0.20.2
v0.20.4
v0.21.0
v0.22.0
v0.23.0
v0.23.1
v0.24.0
v0.24.0-rc.3
v0.24.1
v0.24.2
v0.24.3
v0.24.4
v0.25.0
v0.25.0-rc.0
v0.25.0-rc.1
v0.25.0-rc.2
v0.25.0-rc.3
v0.25.0-rc.4
v0.25.0-rc.5
v0.25.0-rc.6
v0.25.1
v0.25.2
v0.25.3
v0.25.4
v0.25.5
v0.26.0
v0.26.0-rc.0
v0.26.0-rc.1
v0.26.0-rc.2
v0.26.0-rc.3
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.3.0
v0.3.1
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.8.0
v0.9.0
v0.9.1