GHSA-r23h-3jmw-q7hr

Source

https://github.com/advisories/GHSA-r23h-3jmw-q7hr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-r23h-3jmw-q7hr/GHSA-r23h-3jmw-q7hr.json

Aliases

CVE-2020-10937

Published

2024-04-24T20:01:46Z

Modified

2024-04-24T20:28:39.342007Z

Details

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-10937
https://blog.ipfs.io/2020-10-30-dht-hardening
https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys

Affected packages

Go / github.com/ipfs/go-ipfs

Package

Name: github.com/ipfs/go-ipfs

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.7.0