GHSA-x8c6-gj59-6rx8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x8c6-gj59-6rx8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-x8c6-gj59-6rx8/GHSA-x8c6-gj59-6rx8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x8c6-gj59-6rx8
- Aliases
- Published
- 2025-07-14T06:30:30Z
- Modified
- 2025-07-14T21:27:22.757936Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- py-libp2p is vulnerable to DoS attacks through use of large RSA keys
- Details
-
py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-770" ], "nvd_published_at": "2025-07-14T05:15:27Z", "severity": "MODERATE", "github_reviewed_at": "2025-07-14T20:55:31Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-29606
- https://github.com/libp2p/py-libp2p/issues/526
- https://github.com/libp2p/py-libp2p/pull/531/files
- https://github.com/libp2p/py-libp2p/commit/e150d3153af30530ce61d751bc166e099f1ead7a
- https://github.com/libp2p/py-libp2p
- https://github.com/libp2p/py-libp2p/compare/v0.2.2...v0.2.3
Affected packages
PyPI / libp2p
Package
- Name
- libp2p
- View open source insights on deps.dev
- Purl
- pkg:pypi/libp2p